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Mr.  Rangel,  from  the  Committee  on  Ways  and  Means, 
submitted  the  following 


REPORT 

together  with 
ADDITIONAL  VIEWS 

[To  accompany  H.R.  3046] 
[Including  cost  estimate  of  the  Congressional  Budget  Office] 

The  Committee  on  Ways  and  Means,  to  whom  was  referred  the 
bill  (H.R.  3046)  to  amend  the  Social  Security  Act  to  enhance  Social 
Security  account  number  privacy  protections,  to  prevent  fraudulent 
misuse  of  the  Social  Security  account  number,  and  to  otherwise  en- 
hance protection  against  identity  theft,  and  for  other  purposes, 
having  considered  the  same,  report  favorably  thereon  with  an 
amendment  and  recommend  that  the  bill  as  amended  do  pass. 
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The  amendment  is  as  follows: 

Strike  all  after  the  enacting  clause  and  insert  the  following: 

SECTION  1.  SHORT  TITLE  AND  TABLE  OF  CONTENTS. 

(a)  Short  Title. — This  Act  may  be  cited  as  the  "Social  Security  Number  Privacy 
and  Identity  Theft  Prevention  Act  of  2007". 

(b)  Table  of  Contents— The  table  of  contents  is  as  follows: 

Sec.  1.  Short  title  and  table  of  contents. 

Sec.  2.  Restrictions  on  the  sale  or  display  to  the  general  public  of  social  security  account  numbers  by  govern- 
mental entities. 

Sec.  3.  Prohibition  of  display  of  social  security  account  numbers  on  checks  issued  for  payment  by  governmental 
entities. 

Sec.  4.  Prohibition  of  the  display  of  social  security  account  numbers  on  certain  government  identification  cards 
or  tags. 

Sec.  5.  Prohibition  of  inmate  access  to  social  security  account  numbers. 

Sec.  6.  Measures  to  preclude  unauthorized  disclosure  by  governmental  entities  of  social  security  account  num- 
bers and  protect  the  confidentiality  of  such  numbers. 
Sec.  7.  Uniform  standards  for  truncation  of  the  social  security  account  number. 

Sec.  8.  Prohibition  of  the  sale,  purchase,  and  display  to  the  general  public  of  the  social  security  account  number 

in  the  private  sector. 
Sec.  9.  New  criminal  penalties  for  misuse  of  social  security  account  numbers. 
Sec.  10.  Extension  of  civil  monetary  penalty  authority. 

Sec.  11.  Criminal  penalties  for  employees  of  the  Social  Security  Administration  who  knowingly  and  fraudu- 
lently issue  social  security  cards  or  social  security  account  numbers. 
Sec.  12.  Enhanced  penalties  in  cases  of  terrorism,  drug  trafficking,  crimes  of  violence,  or  prior  offenses. 
Sec.  13.  Regulatory  and  enforcement  authority  with  respect  to  misuse  of  the  social  security  account  number. 
Sec.  14.  Study  on  feasibility  of  banning  social  security  account  number  as  an  authenticator. 

SEC.  2.  RESTRICTIONS  ON  THE  SALE  OR  DISPLAY  TO  THE  GENERAL  PUBLIC  OF  SOCIAL  SECU- 
RITY ACCOUNT  NUMBERS  BY  GOVERNMENTAL  ENTITIES. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  is  amended  by  adding  at  the  end  the  following  new  clause: 

"(x)(I)  A  governmental  entity  (as  defined  in  subclause  (X))  may  not  sell  or  display 
to  the  general  public  any  social  security  account  number  if  such  number  has  been 
disclosed  to  such  governmental  entity  pursuant  to  the  assertion  by  such  govern- 
mental entity  to  any  person  that  disclosure  of  such  number  is  a  statutory  or  regu- 
latory requirement.  Notwithstanding  the  preceding  sentence,  such  number  may  be 
sold  or  displayed  to  the  general  public  in  accordance  with  the  exceptions  specified 
in  subclauses  (II),  (III),  (IV),  (V),  (VI),  (VII),  and  (VIII)  (and  for  no  other  purpose). 

"(ID  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be  sold 
by  a  governmental  entity  to  the  extent  that  such  sale  is  specifically  authorized  by 
this  Act  or  the  Privacy  Act  of  1974. 

"(Ill)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be  sold 
by  a  governmental  entity  to  the  extent  that  is  necessary  or  appropriate  for  law  en- 
forcement or  national  security  purposes,  as  determined  under  regulations  which 
shall  be  issued  as  provided  in  section  1129C. 

"(IV)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be  sold 
by  a  governmental  entity  to  the  extent  that  such  sale  is  required  to  comply  with 
a  tax  law  of  the  United  States  or  of  any  State  (or  political  subdivision  thereof). 

"(V)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be  sold 
by  a  State  department  of  motor  vehicles  as  authorized  under  subsection  (b)  of  sec- 
tion 2721  of  title  18,  United  States  Code,  if  such  number  is  to  be  used  pursuant 
to  such  sale  solely  for  purposes  permitted  under  paragraph  (1),  (6),  or  (9)  of  such 
subsection. 

"(VI)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be  sold 
or  otherwise  made  available  by  a  governmental  entity  to  a  consumer  reporting  agen- 
cy (as  defined  in  section  603(f)  of  the  Fair  Credit  Reporting  Act  (15  U.S.C.  1681a(f))) 
for  use  or  disclosure  solely  for  permissible  purposes  described  in  section  604(a)  of 
such  Act  (15  U.S.C.  1681b(a)). 

"(VII)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be 
sold  by  a  governmental  entity  to  the  extent  necessary  for  research  (other  than  mar- 
ket research)  conducted  by  any  governmental  entity  for  the  purpose  of  advancing 
the  public  good,  on  the  condition  that  the  researcher  provides  adequate  assurances 
that  the  social  security  account  numbers  will  not  be  used  to  harass,  target,  or  pub- 
licly reveal  information  concerning  any  identifiable  individuals,  that  information 
about  identifiable  individuals  obtained  from  the  research  will  not  be  used  to  make 
decisions  that  directly  affect  the  rights,  benefits,  or  privileges  of  specific  individuals, 
and  that  the  researcher  has  in  place  appropriate  safeguards  to  protect  the  privacy 
and  confidentiality  of  any  information  about  identifiable  individuals,  including  pro- 
cedures to  ensure  that  the  social  security  account  numbers  will  be  encrypted  or  oth- 
erwise appropriately  secured  from  unauthorized  disclosure.  In  the  case  of  medical 
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research,  the  Commissioner  of  Social  Security  shall  maintain  ongoing  consultation 
with  the  Office  for  Civil  Rights  of  the  Department  of  Health  and  Human  Services 
to  ensure  that  the  sale  or  purchase  of  social  security  account  numbers  which  con- 
stitute personally  identifiable  medical  information  is  permitted  only  in  compliance 
with  existing  Federal  rules  and  regulations  prescribed  by  the  Secretary  of  Health 
and  Human  Services  pursuant  to  section  264(c)  of  the  Health  Insurance  Portability 
and  Accountability  Act  of  1996  (110  Stat.  2033). 

"(VIII)  Notwithstanding  subclause  (I),  a  social  security  account  number  may  be 
sold  or  displayed  to  the  general  public  by  a  governmental  entity  under  such  other 
circumstances  as  may  be  specified  in  regulations  issued  as  provided  in  section 
1129C. 

"(IX)  This  clause  does  not  apply  with  respect  to  a  social  security  account  number 
of  a  deceased  individual. 

"(X)  For  purposes  of  this  clause,  the  term  'governmental  entity'  means  an  execu- 
tive, legislative,  or  judicial  agency  or  instrumentality  of  the  Federal  Government  or 
of  a  State  or  political  subdivision  thereof,  a  Federally  recognized  Indian  tribe,  or  a 
trustee  appointed  in  a  case  under  title  11,  United  States  Code.  Such  term  includes 
a  person  acting  as  an  agent  of  such  an  agency  or  instrumentality,  Indian  tribe,  or 
trustee.  For  purposes  of  this  subclause,  the  term  'State'  has  the  meaning  provided 
in  subparagraph  (D)(iii)(II). 

"(XI)  For  purposes  of  this  clause,  the  term  'sell'  means,  in  connection  with  a  social 
security  account,  to  obtain,  directly  or  indirectly,  anything  of  value  in  exchange  for 
such  number.  Such  term  does  not  include  the  submission  of  such  number  as  part 
of  the  process  for  applying  for  any  type  of  Government  benefits  or  programs  (such 
as  grants,  loans,  or  welfare  or  other  public  assistance  programs)  or  as  part  of  the 
administration  of,  or  provision  of  benefits  under,  an  employee  benefit  plan. 

"(XII)  For  purposes  of  this  clause,  the  term  'display  to  the  general  public'  shall 
have  the  meaning  provided  such  term  in  section  208A(a)(3)(A).  In  any  case  in  which 
a  governmental  entity  requires  transmittal  to  such  governmental  entity  of  an  indi- 
vidual's social  security  account  number  by  means  of  the  Internet  without  ensuring 
that  such  number  is  encrypted  or  otherwise  appropriately  secured  from  disclosure, 
any  such  transmittal  of  such  number  as  so  required  shall  be  treated,  for  purposes 
of  this  clause,  as  a  'display  to  the  general  public'  of  such  number  by  such  govern- 
mental entity  for  purposes  of  this  clause. 

"(XIII)  For  purposes  of  this  clause,  the  term  'social  security  account  number'  in- 
cludes any  derivative  of  such  number.  Notwithstanding  the  preceding  sentence,  any 
expression,  contained  in  or  on  any  item  sold  or  displayed  to  the  general  public,  shall 
not  be  treated  as  a  social  security  account  number  solely  because  such  expression 
sets  forth  not  more  than  the  last  4  digits  of  such  number,  if  the  remainder  of  such 
number  cannot  be  determined  based  solely  on  such  expression  or  any  other  matter 
presented  in  or  on  such  item. 

"(XTV)  Nothing  in  the  preceding  subclauses  of  this  clause  shall  be  construed  as 
superseding,  altering,  or  affecting  any  statute,  regulation,  order,  or  interpretation 
in  effect  under  any  other  Federal  or  State  law,  except  to  the  extent  that  such  stat- 
ute, regulation,  order,  or  interpretation  is  inconsistent  with  such  subclauses,  and 
then  only  to  the  extent  of  the  inconsistency.  For  purposes  of  this  subclause,  a  statue, 
regulation,  order,  or  interpretation  is  not  inconsistent  with  the  preceding  subclauses 
of  this  clause  if  the  protection  such  statute,  regulation,  order,  or  interpretation  af- 
fords any  person  is  greater  than  the  protection  provided  under  such  subclauses.". 

(b)  Effective  Date  and  Related  Rules  — 

(1)  In  general. — Initial  final  regulations  prescribed  to  carry  out  the  provi- 
sions of  section  205(c)(2)(C)(x)  of  the  Social  Security  Act  (added  by  this  section) 
shall  be  issued  not  later  than  the  last  date  of  the  18th  calendar  month  following 
the  date  of  the  enactment  of  this  Act.  Such  provisions  shall  take  effect,  with 
respect  to  matters  governed  by  such  regulations  issued  by  the  Commissioner  of 
Social  Security  or  any  other  agency  or  instrumentality  of  the  United  States,  1 
year  after  the  date  of  the  issuance  of  such  regulations  by  the  Commissioner  or 
such  other  agency  or  instrumentality,  respectively.  Such  provisions  shall  apply 
in  the  case  of  displays  to  the  general  public,  as  defined  in  section  208A(a)(3) 
of  such  Act  (added  by  section  8  of  this  Act),  to  such  displays  originally  occurring 
after  such  1-year  period.  Such  provisions  shall  not  apply  with  respect  to  any 
display  of  a  record  (containing  a  social  security  account  number  (or  any  deriva- 
tive thereof))  generated  prior  to  the  close  of  such  1-year  period. 

(2)  Sunset  of  exception. — The  last  sentence  of  subclause  (XIII)  of  section 
205(c)(2)(C)(x)  of  the  Social  Security  Act  (added  by  this  section)  shall  cease  to 
be  effective  with  respect  to  sales  or  displays  to  the  general  public  occurring 
after  2  years  after  the  effective  date  of  the  initial  final  regulations  prescribed 
to  carry  out  the  provisions  of  such  section  205(c)(2)(C)(x). 
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SEC.  3.  PROHIBITION  OF  DISPLAY  OF  SOCIAL  SECURITY  ACCOUNT  NUMBERS  ON  CHECKS 
ISSUED  FOR  PAYMENT  BY  GOVERNMENTAL  ENTITIES. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  (as  amended  by  section  2  of  this  Act)  is  amended  further  by  adding  at 
the  end  the  following  new  clause: 

"(xi)  No  governmental  entity  (as  defined  in  clause  (x)(X))  may  include  the  social 
security  account  number  of  any  individual  (or  any  derivative  of  such  number)  on 
any  check  issued  for  any  payment  by  such  governmental  entity  or  on  any  document 
attached  to  or  accompanying  such  a  check.". 

(b)  Effective  Date. — The  amendment  made  by  this  section  shall  apply  with  re- 
spect to  checks  (and  documents  attached  to  or  accompanying  such  checks)  issued 
after  1  year  after  the  date  of  the  enactment  of  this  Act. 

SEC.  4.  PROHIBITION  OF  THE  DISPLAY  OF  SOCIAL  SECURITY  ACCOUNT  NUMBERS  ON  CER- 
TAIN GOVERNMENT  IDENTIFICATION  CARDS  OR  TAGS. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  (as  amended  by  the  preceding  provisions  of  this  Act)  is  amended  fur- 
ther by  adding  at  the  end  the  following  new  clause: 

"(xii)  No  governmental  entity  (as  defined  in  clause  (x)(X)),  and  no  other  person 
offering  benefits  in  connection  with  an  employee  benefit  plan  maintained  by  such 
governmental  entity,  may  display  a  social  security  account  number  (or  any  deriva- 
tive thereof)  on  any  card  or  tag  that  is  commonly  provided — 
"(I)  to  employees  of  such  governmental  entity, 

"(II)  in  the  case  of  a  governmental  entity  which  is  an  educational  institution, 
to  its  students,  or 

"(III)  in  the  case  of  a  governmental  entity  which  is  a  medical  institution,  to 
its  patients, 

(or  to  their  family  members)  for  purposes  of  identification  or  include  on  such  card 
or  tag  a  magnetic  strip,  bar  code,  or  other  means  of  communication  which  conveys 
such  number  (or  derivative  thereof).  The  requirements  of  this  clause  shall  also  apply 
to  the  Medicare  card  issued  by  the  Department  of  Health  and  Human  Services.". 

(b)  Effective  Date. — The  amendment  made  by  this  section  shall  apply  with  re- 
spect to  cards  or  tags  issued  after  1  year  after  the  date  of  the  enactment  of  this 
Act,  except  that  the  last  sentence  of  section  205(c)(2)(C)(xii)  (as  added  by  this  sec- 
tion) shall  take  effect  2  and  one-half  years  after  the  date  of  the  enactment  of  this 
Act. 

SEC.  5.  PROHIBITION  OF  INMATE  ACCESS  TO  SOCIAL  SECURITY  ACCOUNT  NUMBERS. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  (as  amended  by  the  preceding  provisions  of  this  Act)  is  amended  fur- 
ther by  adding  at  the  end  the  following  new  clause: 

"(xiii)  No  governmental  entity  (as  defined  in  clause  (x)(X))  may  employ,  or  enter 
into  a  contract  for  the  use  or  employment  of,  prisoners  in  any  capacity  that  would 
allow  such  prisoners  access  to  the  social  security  account  numbers  of  other  individ- 
uals (or  any  derivatives  of  such  numbers).  For  purposes  of  this  clause,  the  term 
'prisoner'  means  an  individual  confined  in  a  jail,  prison,  or  other  penal  institution 
or  correctional  facility.". 

(b)  Effective  Date.— 

(1)  In  general. — Except  as  provided  in  paragraph  (2),  the  amendment  made 
by  this  section  shall  apply  with  respect  to  employment  of  prisoners,  or  entry 
into  contract  for  the  use  or  employment  of  prisoners,  on  or  after  the  date  of  the 
enactment  of  this  Act. 

(2)  Treatment  of  current  arrangements.— In  the  case  of— 

(A)  prisoners  employed  as  described  in  clause  (xiii)  of  section  205(c)(2)(C) 
of  the  Social  Security  Act  (as  added  by  this  section)  on  the  date  of  the  en- 
actment of  this  Act,  and 

(B)  contracts  described  in  such  clause  in  effect  on  such  date, 

the  amendment  made  by  this  section  shall  take  effect  90  days  after  the  date 
of  the  enactment  of  this  Act. 

SEC.  6.  MEASURES  TO  PRECLUDE  UNAUTHORIZED  DISCLOSURE  BY  GOVERNMENTAL  ENTI- 
TIES OF  SOCIAL  SECURITY  ACCOUNT  NUMBERS  AND  PROTECT  THE  CONFIDEN- 
TIALITY OF  SUCH  NUMBERS. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  (as  amended  by  the  preceding  provisions  of  this  Act)  is  amended  fur- 
ther by  adding  at  the  end  the  following  new  clause: 

"(xiv)  Except  as  otherwise  provided  in  this  paragraph,  in  the  case  of  any  govern- 
mental entity  (as  defined  in  clause  (x)(X))  having  access  to  an  individual's  social  se- 
curity account  number — 
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"(I)  no  officer  or  employee  thereof  shall  have  access  to  such  number  for  any 
purpose  other  than  the  effective  administration  of  the  statutory  provisions  gov- 
erning its  functions, 

"(II)  such  governmental  entity  shall  restrict,  to  the  satisfaction  of  the  Com- 
missioner of  Social  Security,  access  to  social  security  account  numbers  obtained 
thereby  to  officers  and  employees  thereof  whose  duties  or  responsibilities  re- 
quire access  for  the  administration  or  enforcement  of  such  provisions,  and 

"(III)  such  governmental  entity  shall  provide  such  other  safeguards  as  the 
Commissioner  determines  to  be  necessary  or  appropriate  to  preclude  unauthor- 
ized access  to  the  social  security  account  number  and  to  otherwise  protect  the 
confidentiality  of  such  number. 
For  purposes  of  this  clause  the  term  'social  security  account  number'  includes  any 
derivative  thereof.". 

(b)  Effective  Date. — The  amendment  made  by  this  section  shall  take  effect  1 
year  after  the  date  of  the  enactment  of  this  Act. 

SEC.  7.  UNIFORM  STANDARDS  FOR  TRUNCATION  OF  THE  SOCIAL  SECURITY  ACCOUNT  NUM- 
BER. 

(a)  In  General.— Section  205(c)(2)(C)  of  the  Social  Security  Act  (42  U.S.C. 
405(c)(2)(C))  (as  amended  by  the  preceding  provisions  of  this  Act)  is  amended  fur- 
ther by  adding  at  the  end  the  following  new  clause: 

"(xv)  The  truncation  by  any  governmental  entity  (as  defined  in  clause  (x)(X))  or 
by  any  person  in  the  private  sector  of  an  individual's  social  security  account  number 
which  is  used  by  such  governmental  entity  or  person  otherwise  in  accordance  with 
the  requirements  of  this  Act  shall  be  in  accordance  with  a  uniform  truncation  stand- 
ard which  shall  be  specified  in  regulations  prescribed  by  the  Commissioner  of  Social 
Security.  Under  such  standard,  the  number  as  truncated  shall  set  forth  not  more 
than  the  last  4  digits  of  the  number.  Nothing  in  this  clause  shall  be  construed  to 
authorize  any  use  of  the  social  security  account  number  which  is  not  otherwise  au- 
thorized by  this  title  or  regulations  prescribed  thereunder.". 

(b)  Effective  Date. — Initial  final  regulations  prescribed  to  carry  out  the  provi- 
sions of  section  205(c)(2)(C)(xv)  of  the  Social  Security  Act  (added  by  this  section) 
shall  be  issued  not  later  than  the  last  date  of  the  18th  calendar  month  following 
the  date  of  the  enactment  of  this  Act.  Such  provisions  shall  take  effect,  with  respect 
to  matters  governed  by  such  regulations  issued  by  the  Commissioner  or  any  other 
agency  or  instrumentality  of  the  United  States,  1  year  after  the  date  of  the  issuance 
of  such  regulations  by  the  Commissioner  or  such  other  agency  or  instrumentality, 
respectively. 

SEC.  8.  PROHIBITION  OF  THE  SALE,  PURCHASE,  AND  DISPLAY  TO  THE  GENERAL  PUBLIC  OF 
THE  SOCIAL  SECURITY  ACCOUNT  NUMBER  IN  THE  PRD7ATE  SECTOR. 

(a)  In  General. — Title  II  of  the  Social  Security  Act  is  amended  by  inserting  after 
section  208  (42  U.S.C.  408)  the  following  new  section: 

"PROHIBITION  OF  THE  SALE,  PURCHASE,  AND  DISPLAY  TO  THE  GENERAL  PUBLIC  OF  THE 
SOCIAL  SECURITY  ACCOUNT  NUMBER  IN  THE  PRIVATE  SECTOR 

"Sec.  208A.  (a)  Definitions. — For  purposes  of  this  section: 
"(1)  Person.— 

"(A)  In  general. — Subject  to  subparagraph  (B),  the  term  'person'  means 
any  individual,  partnership,  corporation,  trust,  estate,  cooperative,  associa- 
tion, or  any  other  entity. 

"(B)  Exclusion  OF  governmental  entities. — Such  term  does  not  include 
a  governmental  entity.  Nothing  in  this  subparagraph  shall  be  construed  to 
authorize,  in  connection  with  a  governmental  entity,  an  act  or  practice  oth- 
erwise prohibited  under  this  section  or  section  205(c)(2)(C). 
"(2)  Selling  and  purchasing. — 

"(A)  In  general.— Subject  to  subparagraph  (B) — 

"(i)  Sell. — The  term  'sell'  in  connection  with  a  social  security  account 
number  means  to  obtain,  directly  or  indirectly,  anything  of  value  in  ex- 
change for  such  number. 

"(ii)  Purchase. — The  term  'purchase'  in  connection  with  a  social  se- 
curity account  number  means  to  provide,  directly  or  indirectly,  any- 
thing of  value  in  exchange  for  such  number. 
"(B)  Exceptions. — The  terms  'sell'  and  'purchase'  in  connection  with  a  so- 
cial security  account  number  do  not  include  the  submission  of  such  number 
as  part  of — 

"(i)  the  process  for  applying  for  any  type  of  Government  benefits  or 
programs  (such  as  grants  or  loans  or  welfare  or  other  public  assistance 
programs), 
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"(ii)  the  administration  of,  or  provision  of  benefits  under,  an  employee 
benefit  plan,  or 

"(iii)  the  sale,  lease,  merger,  transfer,  or  exchange  of  a  trade  or  busi- 
ness. 

"(3)  Display  to  the  general  public— 

"(A)  In  general. — The  term  'display  to  the  general  public'  means,  in  con- 
nection with  a  social  security  account  number,  to  intentionally  place  such 
number  in  a  viewable  manner  on  an  Internet  site  that  is  available  to  the 
general  public  or  to  make  such  number  available  in  any  other  manner  in- 
tended to  provide  access  to  such  number  by  the  general  public. 

"(B)  Internet  transmissions. — In  any  case  in  which  a  person  requires 
transmittal  to  such  person  of  an  individual's  social  security  account  number 
by  means  of  the  Internet  without  ensuring  that  such  number  is  encrypted 
or  otherwise  well-secured  from  disclosure,  any  such  transmittal  of  such 
number  as  so  required  shall  be  treated  as  a  'display  to  the  general  public' 
of  such  number  by  such  person. 
"(4)  Social  security  account  number.— 

"(A)  In  general. — The  term  'social  security  account  number'  has  the 
meaning  given  such  term  in  section  208(e),  except  that  such  term  includes 
any  derivative  of  such  number. 

"(B)  4-digit  expression. — Notwithstanding  the  preceding  sentence,  for 
purposes  of  subsection  (b)(1)(A),  any  expression,  contained  in  or  on  any  item 
sold  or  displayed  to  the  general  public,  shall  not  be  treated  as  a  social  secu- 
rity account  number  solely  because  such  expression  sets  forth  not  more 
than  the  last  4  digits  of  such  number,  if  the  remainder  of  such  number  can- 
not be  determined  based  solely  on  such  expression  or  any  other  matter  pre- 
sented in  or  on  such  item. 
"(5)  Governmental  entity. — 

"(A)  In  general. — The  term  'governmental  entity  means  an  executive, 
legislative,  or  judicial  agency  or  instrumentality  of  the  Federal  Government, 
a  State  or  political  subdivision  thereof,  a  Federally  recognized  Indian  tribe, 
or  a  trustee  appointed  in  a  case  under  title  11,  United  States  Code.  Such 
term  includes  a  person  acting  as  an  agent  of  such  an  agency  or  instrumen- 
tality, Indian  tribe,  or  trustee. 

"(B)  State. — The  term  'State'  includes  the  District  of  Columbia,  the  Com- 
monwealth of  Puerto  Rico,  the  Virgin  Islands,  Guam,  the  Commonwealth 
of  the  Northern  Marianas,  and  the  Trust  Territory  of  the  Pacific  Islands. 
"(b)  Prohibition  of  Sale,  Purchase,  and  Display  to  the  General  Public. — 
"(1)  In  general. — Except  as  provided  in  paragraph  (2),  it  shall  be  unlawful 
for  any  person  to — 

"(A)  sell  or  purchase  a  social  security  account  number  or  display  to  the 
general  public  a  social  security  account  number,  or 

"(B)  obtain  or  use  any  individual's  social  security  account  number  for  the 
purpose  of  locating  or  identifying  such  individual  with  the  intent  to  harass, 
harm,  or  physically  injure  such  individual  or  using  the  identity  of  such  indi- 
vidual for  any  illegal  purpose. 
"(2)  Exceptions.— 

"(A)  In  general. — Notwithstanding  paragraph  (1),  and  subject  to  para- 
graph (3),  a  social  security  account  number  may  be  sold  or  purchased  by 
any  person  to  the  extent  provided  in  this  subsection  (and  for  no  other  pur- 
pose) as  follows: 

"(i)  to  the  extent  necessary  for  law  enforcement,  including  (but  not 
limited  to)  the  enforcement  of  a  child  support  obligation,  as  determined 
under  regulations  issued  as  provided  in  section  1129C; 

"(ii)  to  the  extent  necessary  for  national  security  purposes,  as  deter- 
mined under  regulations  issued  as  provided  in  section  1129C; 

"(iii)  to  the  extent  necessary  for  public  health  purposes; 

"(iv)  to  the  extent  necessary  in  emergency  situations  to  protect  the 
health  or  safety  of  1  or  more  individuals; 

"(v)  to  the  extent  that  the  sale  or  purchase  is  required  to  comply  with 
a  tax  law  of  the  United  States  or  of  any  State  (or  political  subdivision 
thereof); 

"(vi)  to  the  extent  that  the  sale  or  purchase  is  to  or  by  a  consumer 
reporting  agency  (as  defined  in  section  603(f)  of  the  Fair  Credit  Report- 
ing Act  (15  U.S.C.  1681a(f)))  for  use  or  disclosure  solely  for  permissible 
purposes  described  in  section  604(a)  of  such  Act  (15  U.S.C.  1681b(a)); 
and 

"(vii)  to  the  extent  necessary  for  research  (other  than  market  re- 
search) conducted  by  an  agency  or  instrumentality  of  the  United  States 
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or  of  a  State  or  political  subdivision  thereof  (or  a  person  acting  as  an 
agent  of  such  an  agency  or  instrumentality)  for  the  purpose  of  advanc- 
ing the  public  good,  on  the  condition  that  the  researcher  provides  ade- 
quate assurances  that — 

"(I)  the  social  security  account  numbers  will  not  be  used  to  har- 
ass, target,  or  publicly  reveal  information  concerning  any  identifi- 
able individuals; 

"(II)  information  about  identifiable  individuals  obtained  from  the 
research  will  not  be  used  to  make  decisions  that  directly  affect  the 
rights,  benefits,  or  privileges  of  specific  individuals;  and 

"(III)  the  researcher  has  in  place  appropriate  safeguards  to  pro- 
tect the  privacy  and  confidentiality  of  any  information  about  identi- 
fiable individuals,  including  procedures  to  ensure  that  the  social  se- 
curity account  numbers  will  be  encrypted  or  otherwise  appro- 
priately secured  from  unauthorized  disclosure. 
"(B)  Medical  research. — In  the  case  of  research  referred  to  in  subpara- 
graph (A)(vii)  consisting  of  medical  research,  the  Commissioner  of  Social  Se- 
curity shall  maintain  ongoing  consultation  with  the  Office  for  Civil  Rights 
of  the  Department  of  Health  and  Human  Services  to  ensure  that  the  sale 
or  purchase  of  social  security  account  numbers  which  constitute  personally 
identifiable  medical  information  is  permitted  only  in  compliance  with  exist- 
ing Federal  rules  and  regulations  prescribed  by  the  Secretary  of  Health  and 
Human  Services  pursuant  to  section  264(c)  of  the  Health  Insurance  Port- 
ability and  Accountability  Act  of  1996  (110  Stat.  2033). 
"(3)  Consent  and  other  circumstances  determined  by  regulation. — Not- 
withstanding paragraph  (1),  a  social  security  account  number  assigned  to  an  in- 
dividual may  be  sold  or  purchased  by  any  person — 

"(A)  to  the  extent  consistent  with  such  individual's  voluntary  and  affirma- 
tive written  consent  to  the  sale  or  purchase,  but  only  if — 

"(i)  the  terms  of  the  consent  and  the  right  to  refuse  consent  are  pre- 
sented to  the  individual  in  a  clear,  conspicuous,  and  understandable 
manner, 

"(ii)  the  individual  is  placed  under  no  obligation  to  provide  consent 
to  any  such  sale  or  purchase,  and 

"(hi)  the  terms  of  the  consent  authorize  the  individual  to  limit  the 
sale  or  purchase  to  purposes  directly  associated  with  the  transaction 
with  respect  to  which  the  consent  is  sought,  and 
"(B)  under  such  circumstances  as  may  be  deemed  appropriate  in  regula- 
tions issued  as  provided  under  section  1129C. 
"(c)  Prohibition  of  Display  on  Checks.— It  shall  be  unlawful  for  any  person  to 
include  the  social  security  account  number  of  any  other  individual  on  any  check 
issued  for  any  payment  by  such  person  or  on  any  document  attached  to  or  accom- 
panying such  a  check. 

"(d)  Prohibition  of  Unauthorized  Disclosure  to  Government  Agencies  or 
Instrumentalities. — 

"(1)  In  general. — It  shall  be  unlawful  for  any  person  to  communicate  by  any 
means  to  any  agency  or  instrumentality  of  the  United  States  or  of  any  State 
or  political  subdivision  thereof  the  social  security  account  number  of  any  indi- 
vidual other  than  such  person  without  the  written  permission  of  such  indi- 
vidual, unless  the  number  was  requested  by  the  agency  or  instrumentality.  In 
the  case  of  an  individual  who  is  legally  incompetent,  permission  provided  by  the 
individual's  legal  representatives  shall  be  deemed  to  be  permission  provided  by 
such  individual. 

"(2)  Exceptions. — Paragraph  (1)  shall  not  apply  to  the  extent  necessary — 

"(A)  for  law  enforcement,  including  (but  not  limited  to)  the  enforcement 
of  a  child  support  obligation,  or 
"(B)  for  national  security  purposes, 
as  determined  under  regulations  issued  as  provided  under  section  1129C. 
"(e)  Prohibition  of  the  Displays  on  Cards  or  Tags  Required  for  Access  to 
Goods,  Services,  or  Benefits. — No  person  may  display  a  social  security  account 
number  on  any  card  or  tag  issued  to  any  other  person  for  the  purpose  of  providing 
such  other  person  access  to  any  goods,  services,  or  benefits  or  include  on  such  card 
or  tag  a  magnetic  strip,  bar  code,  or  other  means  of  communication  which  conveys 
such  number. 

"(f)  Prohibition  of  the  Displays  on  Employee  Identification  Cards  or 
Tags. — No  person  that  is  an  employer,  and  no  other  person  offering  benefits  in  con- 
nection with  an  employee  benefit  plan  maintained  by  such  employer  or  acting  as  an 
agent  of  such  employer,  may  display  a  social  security  account  number  on  any  card 
or  tag  that  is  commonly  provided  to  employees  of  such  employer  (or  to  their  family 
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members)  for  purposes  of  identification  or  include  on  such  card  or  tag  a  magnetic 
strip,  bar  code,  or  other  means  of  communication  which  conveys  such  number. 

"(g)  Measures  to  Preclude  Unauthorized  Disclosure  of  Social  Security  Ac- 
count Numbers  and  Protect  the  Confidentiality  of  Such  Numbers. — Subject 
to  the  preceding  provisions  of  this  section,  any  person  having  access  to  the  social 
security  account  number  of  any  individual  other  than  such  person  shall,  to  the  ex- 
tent that  such  access  is  maintained  for  the  conduct  of  such  person's  trade  or  busi- 
ness— 

"(1)  ensure  that  no  officer  or  employee  thereof  has  access  to  such  number  for 
any  purpose  other  than  as  necessary  for  the  conduct  of  such  person's  trade  or 
business, 

"(2)  restrict,  in  accordance  with  regulations  of  the  Commissioner  of  Social  Se- 
curity, access  to  social  security  account  numbers  obtained  thereby  to  officers 
and  employees  thereof  whose  duties  or  responsibilities  require  access  for  the 
conduct  of  such  person's  trade  or  business,  and 

"(3)  provide  such  safeguards  as  may  be  specified,  in  regulations  of  the  Com- 
missioner of  Social  Security,  to  be  necessary  or  appropriate  to  preclude  unau- 
thorized access  to  the  social  security  account  number  and  to  otherwise  protect 
the  confidentiality  of  such  number. 
"(h)  Deceased  Individuals. — This  section  does  not  apply  with  respect  to  the  so- 
cial security  account  number  of  a  deceased  individual. 

"(i)  Applicability  of  Other  Protections.— Nothing  in  the  preceding  subsections 
of  this  section  shall  be  construed  as  superseding,  altering,  or  affecting  any  statutory 
provision,  regulation,  order,  or  interpretation  in  effect  under  any  other  Federal  or 
State  law,  except  to  the  extent  that  such  statutory  provision,  regulation,  order,  or 
interpretation  is  inconsistent  with  such  subsections,  and  then  only  to  the  extent  of 
the  inconsistency.  For  purposes  of  this  subclause,  a  statutory  provision,  regulation, 
order,  or  interpretation  is  not  inconsistent  with  the  preceding  subsections  of  this 
section  if  the  protection  such  statutory  provision,  regulation,  order,  or  interpretation 
affords  any  person  is  greater  than  the  protection  provided  under  such  subsections.", 
(b)  Effective  Date  and  Related  Rules.— 

(1)  In  general. — Initial  final  regulations  prescribed  to  carry  out  the  provi- 
sions of  section  208A  of  the  Social  Security  Act  (added  by  this  section)  shall  be 
issued  not  later  than  the  last  date  of  the  18th  calendar  month  following  the 
date  of  the  enactment  of  this  Act.  Such  provisions  shall  take  effect,  with  respect 
to  matters  governed  by  such  regulations  issued  by  the  Commissioner  of  Social 
Security  or  any  other  agency  or  instrumentality  of  the  United  States,  1  year 
after  the  date  of  the  issuance  of  such  regulations  by  the  Commissioner  of  Social 
Security  or  such  other  agency  or  instrumentality,  respectively.  Section  208A(b) 
of  such  Act  shall  apply  in  the  case  of  displays  to  the  general  public  (as  defined 
in  section  208A(a)(3)  of  such  Act)  to  such  displays  to  the  general  public  origi- 
nally occurring  after  such  1-year  period.  Such  provisions  shall  not  apply  with 
respect  to  any  such  display  to  the  general  public  of  a  record  (containing  a  social 
security  account  number  (or  any  derivative  thereof))  generated  prior  to  the  close 
of  such  1-year  period. 

(2)  Sunset  of  exception. — Section  208A(a)(4)(B)  of  the  Social  Security  Act 
(added  by  this  section)  shall  cease  to  be  effective  with  respect  to  sales,  pur- 
chases, or  displays  to  the  general  public  occurring  after  2  years  after  the  effec- 
tive date  of  the  initial  final  regulations  prescribed  to  carry  out  the  provisions 
of  section  208A  of  such  Act. 

SEC.  9.  new  criminal  penalties  for  misuse  of  social  security  account  numbers. 

(a)  In  General.— Section  208  of  the  Social  Security  Act  (42  U.S.C.  408)  is  amend- 
ed— 

(1)  in  subsection  (a),  by  inserting  "or"  at  the  end  of  paragraph  (8)  and  by  in- 
serting after  paragraph  (8)  the  following  new  paragraph: 

"(9)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  section 
208A(b)(l)(B);". 

(2)  by  redesignating  subsections  (b)  through  (e)  as  subsections  (c)  through  (f), 
respectively; 

(3)  in  subsection  (c)(1)  (as  so  redesignated),  by  inserting  "or  (b)"  after  "sub- 
section (a)";  and 

(4)  by  inserting  after  subsection  (a)  the  following  new  subsection: 
"(b)(1)  Whoever— 

"(A)  knowingly,  and  with  intent  to  commit,  or  to  aid  or  abet,  any  activity  that 
constitutes  a  violation  of  Federal  law,  or  a  violation  of  any  applicable  law  of  a 
State  or  political  subdivision  thereof  if  the  maximum  penalty  of  such  applicable 
law  includes  imprisonment  for  5  years  or  more — 
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"(i)  possesses  the  social  security  account  number  of  another  person  with- 
out lawful  authority,  or 

"(ii)  possesses  a  social  security  card,  knowing  that  the  social  security  ac- 
count number  or  other  identifying  information  displayed  on  the  card  has 
been  altered,  counterfeited,  or  forged  or  that  the  card  was  falsely  made,  sto- 
len, or  obtained  from  the  Social  Security  Administration  by  use  of  false  in- 
formation; 

if  such  activity  is  committed,  or  aided  or  abetted,  with  intent  to  use  such  social 
security  account  number,  social  security  card,  or  other  identifying  information 
displayed  on  such  card  in  furtherance  of  such  violation; 
"(B)  being— 

"(i)  an  officer  or  employee  of  any  governmental  entity  (as  defined  in  sec- 
tion 205(c)(2)(C)(x)(X)),  or 

"(ii)  a  person  acting  as  an  agent  of  a  governmental  entity  (as  so  defined), 
willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (vi)(II),  (xi),  (xii), 
or  (xv)  of  section  205(c)(2)(C); 

"(C)  being  a  trustee  appointed  in  a  case  under  title  11,  United  States  Code 
(or  an  officer  or  employee  thereof  or  a  person  acting  as  an  agent  thereof),  will- 
fully acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (xi)  or  (xv)  of  section 
205(c)(2)(C);  or 

"(D)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  subsection  (c), 
(d),  (e),  or  (f)  of  section  208A  or,  as  a  person  in  the  private  sector,  willfully  acts 
or  fails  to  act  so  as  to  cause  a  violation  of  section  205(c)(2)(C)(xv); 
shall  be  guilty  of  a  misdemeanor  and  upon  conviction  thereof  shall  be  fined  under 
title  18,  United  States  Code,  or  imprisoned  for  not  more  than  1  year,  or  both. 
"(2)(A)  Whoever— 

"(i)  with  intent  to  deceive,  discloses,  sells,  or  transfers  his  own  social  security 
account  number,  assigned  to  him  by  the  Commissioner  of  Social  Security  (in  the 
exercise  of  the  Commissioner's  authority  under  section  205(c)(2)  to  establish  and 
maintain  records),  to  any  person; 

"(ii)  without  lawful  authority,  offers,  for  a  fee,  to  acquire  for  any  individual, 
or  to  assist  in  acquiring  for  any  individual,  an  additional  social  security  account 
number  or  a  number  that  is  purported  to  be  a  social  security  account  number; 

"(iii)  being — 

"(I)  an  officer  or  employee  of  any  governmental  entity  (as  defined  in  sec- 
tion 205(c)(2)(C)(x)(X)),  or 

"(II)  a  person  acting  as  an  agent  of  a  governmental  entity  (as  so  defined), 
willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (x),  (xiii),  or  (xiv) 
of  section  205(c)(2)(C); 

"(iv)  being  a  trustee  appointed  in  a  case  under  title  11,  United  States  Code 
(or  an  officer  or  employee  thereof  or  a  person  acting  as  an  agent  thereof),  will- 
fully acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (x)  or  (xiv)  of  section 
205(c)(2)(C);  or 

"(v)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  subsection 
(b)(1)(A)  or  (g)  of  section  208A; 
shall  be  fined,  imprisoned,  or  both,  as  provided  in  subparagraph  (B). 
"(B)  A  person  convicted  of  a  violation  described  in  subparagraph  (A)  shall — 

"(i)  be  fined  under  title  18,  United  States  Code,  imprisoned  not  more  than  1 
year,  or  both;  and 

"(ii)  if  the  offense  is  committed  under  false  pretenses  or  for  commercial  advan- 
tage, personal  gain,  or  malicious  harm,  be  fined  under  title  18,  United  States 
Code,  imprisoned  not  more  than  5  years,  or  both.", 
(b)  Effective  Dates. — The  amendments  made  by  this  section  shall  apply  with  re- 
spect to  each  violation  occurring  after  the  date  of  the  enactment  of  this  Act,  except 
that  subparagraphs  (B),  (C),  and  (D)  of  section  208(b)(1)  of  such  Act  and  clauses  (iii), 
(iv),  and  (v)  of  section  208(b)(2)(A)  of  such  Act  (added  by  subsection  (a)(3))  shall 
apply,  in  connection  with  violations  of  clause  (x),  (xi),  (xii),  (xiii),  (xiv),  or  (xv)  of  sec- 
tion 205(c)(2)(C)  or  section  208A,  with  respect  to  each  violation  occurring  on  or  after 
the  effective  date  applicable  with  respect  to  such  violation  under  section  2,  3,  4,  5, 
6,  7,  or  8. 

SEC.  10.  EXTENSION  OF  CIVIL  MONETARY  PENALTY  AUTHORITY. 

(a)  Application  of  CrvaL  Money  Penalties  to  Elements  of  Criminal  Viola- 
tions.—Section  1129(a)  of  the  Social  Security  Act  (42  U.S.C.  1320a-8(a))  is  amend- 
ed— 

(1)  by  redesignating  paragraphs  (2)  and  (3)  as  paragraphs  (4)  and  (5),  respec- 
tively; 

(2)  by  designating  the  last  sentence  of  paragraph  (1)  as  a  new  paragraph  (2), 
appearing  after  and  below  paragraph  (1);  and 
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(3)  by  inserting  after  paragraph  (2)  (as  designated  under  paragraph  (2)  of  this 
subsection)  the  following: 
"(3)  Any  person  (including  an  organization,  agency,  or  other  entity)  who — 

"(A)  uses  a  social  security  account  number  that  such  person  knows  or  should 
know  has  been  assigned  by  the  Commissioner  of  Social  Security  (in  an  exercise 
of  authority  under  section  205(c)(2)  to  establish  and  maintain  records)  on  the 
basis  of  false  information  furnished  to  the  Commissioner  by  any  person; 

"(B)  falsely  represents  a  number  to  be  the  social  security  account  number  as- 
signed by  the  Commissioner  of  Social  Security  to  any  individual,  when  such  per- 
son knows  or  should  know  that  such  number  is  not  the  social  security  account 
number  assigned  by  the  Commissioner  to  such  individual; 

"(C)  with  intent  to  deceive,  alters  a  social  security  card  that  the  person  knows 
or  should  know  was  issued  by  the  Commissioner  of  Social  Security,  or  possesses 
such  a  card  with  intent  to  alter  it; 

"(D)  buys  or  sells  a  card  that  such  person  knows  or  should  know  is,  or  is  pur- 
ported to  be,  a  card  issued  by  the  Commissioner  of  Social  Security,  or  possesses 
such  a  card  with  intent  to  buy  or  sell  it; 

"(E)  counterfeits  a  social  security  card,  or  possesses  a  counterfeit  social  secu- 
rity card  with  intent  to  buy  or  sell  it; 

"(F)  discloses,  uses,  compels  the  disclosure  of,  or  knowingly  sells  or  purchases 
the  social  security  account  number  of  any  person  in  violation  of  the  laws  of  the 
United  States; 

"(G)  with  intent  to  deceive  the  Commissioner  of  Social  Security  as  to  such 
person's  true  identity  (or  the  true  identity  of  any  other  person),  furnishes  or 
causes  to  be  furnished  false  information  to  the  Commissioner  with  respect  to 
any  information  required  by  the  Commissioner  in  connection  with  the  establish- 
ment and  maintenance  of  the  records  provided  for  in  section  205(c)(2); 

"(H)  without  lawful  authority,  offers,  for  a  fee,  to  acquire  for  any  individual, 
or  to  assist  in  acquiring  for  any  individual,  an  additional  social  security  account 
number  or  a  number  which  is  purported  to  be  a  social  security  account  number; 

"(I)  with  intent  to  deceive,  discloses,  sells,  or  transfers  his  own  social  security 
account  number,  assigned  to  him  by  the  Commissioner  of  Social  Security  under 
section  205(c)(2)(B),  to  any  person; 

"(J)  knowingly,  and  with  intent  to  commit,  or  to  aid  or  abet,  any  activity  that 
constitutes  a  violation  of  Federal  law,  or  a  violation  of  any  applicable  law  of  a 
State  or  political  subdivision  thereof  if  the  maximum  penalty  of  such  applicable 
law  includes  imprisonment  for  5  years  or  more — 

"(i)  possesses  a  social  security  account  number  of  another  individual  with- 
out lawful  authority,  or 

"(ii)  possesses  a  social  security  card,  knowing  that  the  social  security  ac- 
count number  or  other  identifying  information  displayed  on  the  card  has 
been  altered,  counterfeited,  or  forged  or  that  the  card  was  falsely  made,  sto- 
len, or  obtained  from  the  Social  Security  Administration  by  use  of  false  in- 
formation, 

if  such  activity  is  committed,  or  aided  or  abetted,  with  intent  to  use  such  social 
security  account  number,  social  security  card,  or  other  identifying  information 
displayed  on  such  card  in  furtherance  of  such  violation; 
"(K)  being- 

"(i)  an  officer  or  employee  of  a  governmental  entity  (as  defined  in  section 
205(c)(2)(C)(x)(X)),  or 
"(ii)  a  person  acting  as  an  agent  of  a  governmental  entity  (as  so  defined), 
willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (vi)(II),  (x),  (xi), 
(xii),  (xiii),  (xiv),  or  (xv)  of  section  205(c)(2)(C); 

"(L)  being  a  trustee  appointed  in  a  case  under  title  11,  United  States  Code 
(or  an  officer  or  employee  thereof  or  a  person  acting  as  an  agent  thereof),  will- 
fully acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause  (x),  (xi),  (xiv),  or 
(xv)  of  section  205(c)(2)(C); 

"(M)  violates  section  208A  (relating  to  prohibition  of  the  sale,  purchase,  or  dis- 
play of  the  social  security  account  number  in  the  private  sector)  or,  as  a  person 
in  the  private  sector,  violates  section  205(c)(2)(C)(xv);  or 

"(N)  violates  section  208(g)  (relating  to  fraud  by  social  security  administration 
employees); 

shall  be  subject  to,  in  addition  to  any  other  penalties  that  may  be  prescribed  by  law, 
a  civil  money  penalty  of  not  more  than  $5,000  for  each  violation.  Such  person  shall 
also  be  subject  to  an  assessment,  in  lieu  of  damages  sustained  by  the  United  States 
resulting  from  such  violation,  of  not  more  than  twice  the  amount  of  any  benefits  or 
payments  paid  as  a  result  of  such  violation.". 

(b)  Effective  Dates. — The  amendments  made  by  this  section  shall  apply  with  re- 
spect to  violations  committed  after  the  date  of  the  enactment  of  this  Act,  except  that 
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subparagraphs  (J),  (K),  (L),  and  (M)  of  section  1129(a)(3)  of  the  Social  Security  Act 
(added  by  subsection  (a))  shall  apply  with  respect  to  violations  of  the  provisions  of 
clause  (x),  (xi),  (xii),  (xiii),  (xiv),  or  (xv)  of  section  205(c)(2)(C)  or  section  208A  occur- 
ring on  or  after  the  applicable  effective  date  provided  in  connection  with  such  provi- 
sions under  section  2,  3,  4,  5,  6,  7,  or  8  of  this  Act. 

SEC.  11.  CRIMINAL  PENALTIES  FOR  EMPLOYEES  OF  THE  SOCIAL  SECURITY  ADMINISTRATION 
WHO  KNOWINGLY  AND  FRAUDULENTLY  ISSUE  SOCIAL  SECURITY  CARDS  OR  SO- 
CIAL SECURITY  ACCOUNT  NUMBERS. 

(a)  In  General. — Section  208  of  the  Social  Security  Act  (as  amended  by  section 
9)  is  amended  further  by  adding  at  the  end  the  following  new  subsection: 

"(g)(1)  Whoever  is  an  employee  of  the  Social  Security  Administration  and  know- 
ingly and  fraudulently  sells  or  transfers  one  or  more  social  security  account  num- 
bers or  social  security  cards  shall,  upon  conviction,  be  guilty  of  a  felony  and  fined 
under  title  18,  United  States  Code,  imprisoned  as  provided  in  paragraph  (2),  or 
both. 

"(2)  Imprisonment  for  a  violation  described  in  paragraph  (1)  shall  be  for — 

"(A)  not  more  than  5  years,  in  the  case  of  an  employee  of  the  Social  Security 
Administration  who  has  fraudulently  sold  or  transferred  not  more  than  50  so- 
cial security  account  numbers  or  social  security  cards, 

"(B)  not  more  than  10  years,  in  the  case  of  an  employee  of  the  Social  Security 
Administration  who  has  fraudulently  sold  or  transferred  more  than  50,  but  not 
more  than  100,  social  security  account  numbers  or  social  security  cards,  or 

"(C)  not  more  than  20  years,  in  the  case  of  an  employee  of  the  Social  Security 
Administration  who  has  fraudulently  sold  or  transferred  more  than  100  social 
security  account  numbers  or  social  security  cards. 
"(3)  For  purposes  of  this  subsection — 

"(A)  The  term  'social  security  employee'  means  any  State  employee  of  a  State 
disability  determination  service,  any  officer,  employee,  or  contractor  of  the  So- 
cial Security  Administration,  any  employee  of  such  a  contractor,  or  any  volun- 
teer providing  services  or  assistance  in  any  facility  of  the  Social  Security  Ad- 
ministration. 

"(B)  The  term  'social  security  account  number'  means  a  social  security  account 
number  assigned  by  the  Commissioner  of  Social  Security  under  section 
205(c)(2)(B)  or  another  number  that  has  not  been  so  assigned  but  is  purported 
to  have  been  so  assigned. 

"(C)  The  term  'social  security  card'  means  a  card  issued  by  the  Commissioner 
of  Social  Security  under  section  205(c)(2)(G),  another  card  which  has  not  been 
so  issued  but  is  purported  to  have  been  so  issued,  and  banknote  paper  of  the 
type  described  in  section  205(c)(2)(G)  prepared  for  the  entry  of  social  security 
account  numbers,  whether  fully  completed  or  not.". 

(b)  Effective  Date.— The  amendment  made  by  this  section  shall  apply  with  re- 
spect to  violations  occurring  on  or  after  the  date  of  the  enactment  of  this  Act. 

SEC.  12.  ENHANCED  PENALTIES  IN  CASES  OF  TERRORISM,  DRUG  TRAFFICKING,  CRIMES  OF 
VIOLENCE,  OR  PRIOR  OFFENSES. 

(a)  Amendments  to  Title  II.— Section  208  of  the  Social  Security  Act  (as  amended 
by  the  preceding  provisions  of  this  Act)  is  amended  further — 

(1)  in  subsection  (a),  by  striking  "shall  be  fined"  and  all  that  follows  and  in- 
serting the  following:  "shall  be  fined,  imprisoned,  or  both,  as  provided  in  sub- 
section (c)."; 

(2)  in  subsection  (b)(2)(B)(ii)  (as  added  by  section  9),  by  striking  "be  fined"  and 
all  that  follows  and  inserting  the  following:  "be  fined,  imprisoned,  or  both,  as 
provided  in  subsection  (c)."; 

(3)  by  striking  subsection  (d); 

(4)  by  redesignating  subsection  (c)  as  subsection  (d);  and 

(5)  by  inserting  after  subsection  (b)  the  following  new  subsection: 

"(c)  A  person  convicted  of  a  violation  described  in  subsection  (a)  or  a  violation  de- 
scribed in  subsection  (b)(2)(A)  which  is  subject  to  subsection  (b)(2)(B)(ii)  shall  be — 
"(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
5  years,  or  both,  in  the  case  of  an  initial  violation,  subject  to  paragraphs  (3)  and 
(4), 

"(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
10  years,  or  both,  in  the  case  of  a  violation  which  occurs  after  a  prior  conviction 
for  another  offense  under  subsection  (a)  becomes  final,  subject  to  paragraphs  (3) 
and  (4), 

"(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
20  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  a  drug  traf- 
ficking crime  (as  defined  in  section  929(a)(2)  of  title  18,  United  States  Code)  or 
in  connection  with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title  18, 
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United  States  Code)  involving  force  against  the  person  of  another,  subject  to 
paragraph  (4),  and 

"(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
25  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  an  act  of 
international  or  domestic  terrorism  (as  defined  in  paragraphs  (1)  and  (5),  re- 
spectively, of  section  2331  of  title  18,  United  States  Code).". 

(b)  Amendments  to  Title  VIII.— Section  811  of  such  Act  (42  U.S.C.  1011)  is 
amended — 

(1)  in  subsection  (a),  by  striking  "shall  be  fined"  and  all  that  follows  and  in- 
serting "shall  be  fined,  imprisoned,  or  both,  as  provided  in  subsection  (b)."; 

(2)  by  redesignating  subsection  (b)  as  subsection  (c);  and 

(3)  by  inserting  after  subsection  (a)  the  following  new  subsection: 

"(b)  Punishment. — A  person  convicted  of  a  violation  described  in  subsection  (a) 
shall  be — 

"(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
5  years,  or  both,  in  the  case  of  an  initial  violation,  subject  to  paragraphs  (3)  and 

(4), 

"(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
10  years,  or  both,  in  the  case  of  a  violation  which  occurs  after  a  prior  conviction 
for  another  offense  under  subsection  (a)  becomes  final,  subject  to  paragraphs  (3) 
and  (4), 

"(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
20  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  a  drug  traf- 
ficking crime  (as  defined  in  section  929(a)(2)  of  title  18,  United  States  Code)  or 
in  connection  with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title  18, 
United  States  Code)  involving  force  against  the  person  of  another,  subject  to 
paragraph  (4),  and 

"(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
25  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  an  act  of 
international  or  domestic  terrorism  (as  defined  in  paragraphs  (1)  and  (5),  re- 
spectively, of  section  2331  of  title  18,  United  States  Code).". 

(c)  Amendments  to  Title  XVI.— Section  1632  of  such  Act  (42  U.S.C.  1383a)  is 
amended — 

(1)  in  subsection  (a),  by  striking  "shall  be  fined"  and  all  that  follows  and  in- 
serting "shall  be  fined,  imprisoned,  or  both,  as  provided  in  subsection  (b)."; 

(2)  by  redesignating  subsections  (b)  and  (c)  as  subsections  (c)  and  (d),  respec- 
tively; and 

(3)  by  inserting  after  subsection  (a)  the  following  new  subsection: 

"(b)  A  person  convicted  of  a  violation  described  in  subsection  (a)  shall  be — 

"(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
5  years,  or  both,  in  the  case  of  an  initial  violation,  subject  to  paragraphs  (3)  and 

(4), 

"(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
10  years,  or  both,  in  the  case  of  a  violation  which  occurs  after  a  prior  conviction 
for  another  offense  under  subsection  (a)  becomes  final,  subject  to  paragraphs  (3) 
and  (4), 

"(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
20  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  a  drug  traf- 
ficking crime  (as  defined  in  section  929(a)(2)  of  title  18,  United  States  Code)  or 
in  connection  with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title  18, 
United  States  Code)  involving  force  against  the  person  of  another,  subject  to 
paragraph  (4),  and 

"(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not  more  than 
25  years,  in  the  case  of  a  violation  which  is  committed  to  facilitate  an  act  of 
international  or  domestic  terrorism  (as  defined  in  paragraphs  (1)  and  (5),  re- 
spectively, of  section  2331  of  title  18,  United  States  Code).". 

(d)  EFFECTrvE  Date. — The  amendments  made  by  this  section  shall  apply  with  re- 
spect to  violations  occurring  after  the  date  of  the  enactment  of  this  Act. 

SEC.  13.  REGULATORY  AND  ENFORCEMENT  AUTHORITY  WITH  RESPECT  TO  MISUSE  OF  THE 
SOCIAL  SECURITY  ACCOUNT  NUMBER. 

Title  XI  of  the  Social  Security  Act  is  amended  by  inserting  after  section  1129B 
(42  U.S.C.  1320a-7b)  the  following  new  section: 

"REGULATORY  AND  ENFORCEMENT  AUTHORITY  WITH  RESPECT  TO  MISUSE  OF  THE 
SOCIAL  SECURITY  ACCOUNT  NUMBER 

"Sec  1129C.  (a)  Regulatory  Authority.— 

"(1)  In  general. — The  Commissioner  of  Social  Security  shall  prescribe  regula- 
tions to  carry  out  the  provisions  of  clauses  (vi)(II),  (x),  (xi),  (xii),  (xiii),  (xiv),  and 
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(xv)  of  section  205(c)(2)(C)  and  section  208A.  Such  regulations  shall  be  issued 
in  consultation  with  the  Federal  Trade  Commission,  the  Attorney  General  of  the 
United  States,  the  Secretary  of  Homeland  Security,  the  Secretary  of  Health  and 
Human  Services,  the  Secretary  of  the  Treasury,  the  Federal  banking  agencies 
(as  defined  in  section  3  of  the  Federal  Deposit  Insurance  Act),  the  National 
Credit  Union  Administration,  the  Securities  and  Exchange  Commission,  State 
attorneys  general,  and  such  representatives  of  the  State  insurance  commis- 
sioners as  may  be  designated  by  the  National  Association  of  Insurance  Commis- 
sioners. 

"(2)  Treatment  of  matters  relating  to  law  enforcement  and  national 
security. — In  issuing  the  regulations  described  in  paragraph  (1)  with  respect 
to  the  provisions  of  205(c)(2)(C)(x)(III),  paragraph  (A)  or  (B)  of  section 
208A(b)(2),  or  section  208A(c)(2)  (relating  to  law  enforcement  and  national  secu- 
rity), the  sale  or  purchase  of  Social  Security  account  numbers  may  be  author- 
ized only  if  the  Commissioner  (or  the  agency  or  instrumentality  delegated  au- 
thority to  issue  such  regulations  under  paragraph  (5))  determines  that — 

"(A)  such  sale  or  purchase  would  serve  a  compelling  public  interest  that 
cannot  reasonably  be  served  through  alternative  measures,  and 

"(B)  such  sale  or  purchase  will  not  pose  an  unreasonable  risk  of  identity 
theft,  or  bodily,  emotional,  or  financial  harm  to  an  individual  (taking  into 
account  any  restrictions  and  conditions  that  the  agency  or  instrumentality 
issuing  the  regulations  imposes  on  the  sale,  purchase,  or  disclosure). 
"(3)  Treatment  of  other  matters  in  general  discretion  of  the  commis- 
sioner.— 

"(A)  In  GENERAL. — In  issuing  the  regulations  described  in  paragraph  (1) 
with  respect  to  the  provisions  of  section  205(c)(2)(C)(x)(VIII)  or  section 
208A(b)(3)(B),  the  sale,  purchase,  or  display  to  the  general  public  of  social 
security  account  numbers  may  be  authorized  only  after  considering,  among 
other  relevant  factors — 

"(i)  the  extent  to  which  the  authorization  of  the  sale,  purchase,  or  dis- 
play of  the  social  security  account  number  would  serve  a  compelling 
public  interest  that  cannot  reasonably  be  served  through  alternative 
measures, 

"(ii)  the  associated  cost  or  burden  of  the  authorization  to  the  general 
public,  businesses,  commercial  enterprises,  non-profit  organizations, 
and  Federal,  State,  and  local  governments;  and 

"(iii)  the  associated  benefit  of  the  authorization  to  the  general  public, 
businesses,  commercial  enterprises,  non-profit  associations,  and  Fed- 
eral, State,  and  local  governments. 
"(B)  Restrictions  and  conditions.— If,  after  considering  the  factors  in 
subparagraph  (A),  the  sale,  purchase,  or  display  to  the  general  public  of  so- 
cial security  account  numbers  is  authorized  under  regulations  referred  to 
in  subparagraph  (A),  the  Commissioner  (or  the  agency  or  instrumentality 
delegated  authority  to  issue  such  regulations  under  paragraph  (5))  shall  im- 
pose restrictions  and  conditions  on  the  sale,  purchase,  or  display  to  the  gen- 
eral public  to  the  extent  necessary — 

"(i)  to  provide  reasonable  assurances  that  social  security  account 
numbers  will  not  be  used  to  commit  or  facilitate  fraud,  deceptions,  or 
crime,  and 

"(ii)  to  prevent  an  unreasonable  risk  of  identity  theft  or  bodily,  emo- 
tional, or  financial  harm  to  any  individual,  considering  the  nature,  like- 
lihood, and  severity  of  the  anticipated  harm  that  could  result  from  the 
sale,  purchase,  or  display  to  the  general  public  of  social  security  ac- 
count numbers,  together  with  the  nature,  likelihood,  and  extent  of  any 
benefits  that  could  be  realized. 
"(C)  5-year  expiration  date  FOR  regulations. — At  the  end  of  the  5-year 
period  beginning  on  the  effective  date  of  any  final  regulations  issued  pursu- 
ant to  this  paragraph — 

"(i)  such  regulations  shall  expire,  and 

"(ii)  new  regulations  may  be  issued  pursuant  to  this  paragraph. 
"(4)  Administrative  procedure. — In  the  issuance  of  regulations  pursuant  to 
this  subsection,  notice  shall  be  provided  as  described  in  paragraphs  (1),  (2),  and 
(3)  of  section  553(b)  of  title  5,  United  States  Code,  and  opportunity  to  partici- 
pate in  the  rule  making  shall  be  provided  in  accordance  with  section  553(c)  of 
such  title. 

"(5)  Delegation  to  other  agencies. — Any  agency  or  instrumentality  of  the 
United  States  may  exercise  the  authority  of  the  Commissioner  under  this  sub- 
section, with  respect  to  matters  otherwise  subject  to  regulation  by  such  agency 
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or  instrumentality,  to  the  extent  determined  appropriate  in  regulations  of  the 
Commissioner. 

"(6)  Consultation  and  coordination— Each  agency  and  instrumentality  ex- 
ercising authority  to  issue  regulations  under  this  subsection  shall  consult  and 
coordinate  with  the  other  such  agencies  and  instrumentalities  for  the  purposes 
of  assuring,  to  the  extent  possible,  that  the  regulations  prescribed  by  each  such 
agency  or  instrumentality  are  consistent  and  comparable,  as  appropriate,  with 
the  regulations  prescribed  by  the  other  such  agencies  and  instrumentalities. 
The  Commissioner  shall  undertake  to  facilitate  such  consultation  and  coordina- 
tion. 

"(7)  Definitions  and  special  rules. — 

"(A)  For  purposes  of  this  subsection,  the  terms  'sell',  'purchase',  and  'dis- 
play to  the  general  public'  shall  have  the  meanings  provided  such  terms 
under  section  205(c)(2)(C)(x)  or  section  208A(a),  as  applicable. 

"(B)  For  purposes  of  this  subsection,  section  205(c)(2)(C)(x)(XI)  shall 
apply. 

"(b)  Coordination  of  Enforcement  With  Other  Agencies.— The  Commissioner 
may  provide,  by  regulation,  for  enforcement  by  any  other  agency  or  instrumentality 
of  the  United  States  of  the  provisions  of  section  208A  and  regulations  prescribed 
pursuant  to  subsection  (a)(1)  with  respect  to  section  208A. 

"(c)  Actions  by  States  With  Respect  to  Misuse  in  Private  Sector  or  by 
State  and  Local  Governments. — 

"(1)  CrviL  actions. — In  any  case  in  which  the  attorney  general  of  a  State  (as 
defined  in  section  205(c)(2)(C)(x)(X))  has  reason  to  believe  that  an  interest  of  the 
residents  of  that  State  has  been  or  is  threatened  or  adversely  affected  by  an 
act  or  practice  described  in  paragraph  (2),  the  State,  as  parens  patriae,  may 
bring  a  civil  action  on  behalf  of  the  residents  of  the  State  in  a  district  court  of 
the  United  States  of  appropriate  jurisdiction,  to — 
"(A)  enjoin  that  act  or  practice; 
"(B)  enforce  compliance  with  the  regulation; 

"(C)  obtain  civil  penalties  in  an  amount  of  $11,000  per  violation  not  to 
exceed  a  total  of  $5,000,000;  or 

"(D)  obtain  such  other  legal  and  equitable  relief  as  the  district  court  may 
consider  to  be  appropriate. 
Before  filing  an  action  under  this  subsection,  the  attorney  general  of  the  State 
involved  shall  provide  to  the  Commissioner  of  Social  Security  and  the  Attorney 
General  of  the  United  States  a  written  notice  of  that  action  and  a  copy  of  the 
complaint  for  that  action.  If  the  State  attorney  general  determines  that  it  is  not 
feasible  to  provide  the  notice  described  in  this  subparagraph  before  the  filing 
of  the  action,  the  State  attorney  general  shall  provide  the  written  notice  and 
the  copy  of  the  complaint  as  soon  after  the  filing  of  the  complaint  as  practicable. 
Any  reference  in  this  subsection  to  the  attorney  general  of  a  State  shall  be 
deemed  also  to  be  a  reference  to  any  equivalent  official  of  such  State. 

"(2)  Acts  or  practices  subject  to  enforcement. — An  act  or  practice  de- 
scribed in  this  paragraph  is — 

"(A)  an  act  or  practice  by  an  executive,  legislative,  or  judicial  agency  or 
instrumentality  of  the  State  involved  or  a  political  subdivision  thereof,  a 
person  acting  as  an  agent  thereof,  or  any  officer  or  employee  of  the  fore- 
going or  person  acting  as  an  agent  of  the  foregoing  that  violates  clause 
(vi)(II),  (x),  (xi),  (xii),  (xiii),  (xiv),  or  (xv)  of  section  205(c)(2)(C)  or  any  regu- 
lation promulgated  thereunder,  or 

"(B)  an  act  or  practice  by  any  person  that  violates  section  208A  or  any 
regulation  promulgated  thereunder. 
"(3)  Attorney  general  authority. — On  receiving  notice  under  paragraph 
(1),  the  Attorney  General  of  the  United  States  shall  have  the  right — 

"(A)  to  move  to  stay  the  action,  pending  the  final  disposition  of  a  pending 
Federal  matter  as  described  in  paragraph  (4); 

"(B)  to  intervene  in  an  action  under  paragraph  (1); 

"(C)  upon  so  intervening,  to  be  heard  on  all  matters  arising  therein;  and 
"(D)  to  file  petitions  for  appeal. 

"(4)  Pending  criminal  proceedings. — If  the  Attorney  General  of  the  United 
States  has  instituted  a  criminal  proceeding  under  section  208  alleging  an  act 
or  practice  described  in  paragraph  (2)  in  connection  with  any  State,  such  State 
may  not,  during  the  pendency  of  such  proceeding  or  action,  bring  an  action 
under  this  subsection  against  any  defendant  named  in  the  criminal  proceeding. 

"(5)  Rule  of  construction. — For  purposes  of  bringing  any  civil  action  under 
paragraph  (1),  nothing  in  this  subsection  shall  be  construed  to  prevent  an  attor- 
ney general  of  a  State  from  exercising  the  powers  conferred  on  the  attorney  gen- 
eral by  the  laws  of  that  State  to  conduct  investigations,  administer  oaths  and 
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affirmations,  or  compel  the  attendance  of  witnesses  or  the  production  of  docu- 
mentary and  other  evidence. 

"(6)  Venue;  service  of  process. — Any  action  brought  under  paragraph  (1) 
may  be  brought  in  any  district  court  of  the  United  States  that  meets  applicable 
requirements  relating  to  venue  under  section  1391  of  title  28,  United  States 
Code.  In  an  action  brought  under  paragraph  (1),  process  may  be  served  in  any 
district  in  which  the  defendant  is  an  inhabitant  or  may  be  found. 
"(d)  Remedies  to  Individuals  for  Violations  by  the  Federal  Government  of 
Requirements  Relating  to  Social  Security  Account  Numbers. — 

"(1)  CrviL  actions. — Any  individual  who  is  aggrieved  by  an  act  or  practice  by 
any  person  acting  as  an  officer,  employee,  or  agent  of  an  agency  or  instrumen- 
tality of  the  Federal  Government  in  violation  of  the  requirements  of  clause 
(vi)(II),  (x),  (xi),  (xii),  (xiii),  (xiv),  or  (xv)  of  subsection  (c)(2)(C)  with  respect  to 
the  social  security  account  number  assigned  to  such  individual  under  subsection 
(c)(2)(B)  may  commence  a  civil  action  for  appropriate  equitable  relief  or  actual 
damages. 

"(2)  Venue;  service  of  process. — An  action  under  this  subsection  action  may 
be  brought  in  the  district  court  of  the  United  States  for  the  judicial  district  in 
which  the  plaintiff  resides,  or  has  his  principal  place  of  business,  in  which  the 
violation  took  place,  or  in  which  the  defendant  resides  or  may  be  found,  and 
process  may  be  served  in  any  other  district  in  which  a  defendant  resides  or  may 
be  found. 

"(3)  Jurisdiction. — The  district  courts  of  the  United  States  shall  have  juris- 
diction, without  respect  to  the  amount  in  controversy  or  the  citizenship  of  the 
parties,  to  grant  the  relief  provided  for  in  paragraph  (1). 

"(4)  Attorney's  fees. — In  any  action  under  this  subsection,  the  court  in  its 
discretion  may  allow  a  reasonable  attorney's  fee  and  costs  of  action  to  either 
party. 

"(e)  Ongoing  GAO  Review  on  Efficacy  of  Regulations  — 

"(1)  In  general. — The  Comptroller  General  of  the  United  States  shall  conduct 
an  ongoing  review  of  the  efficacy  of  the  regulations  prescribed  by  any  agency 
or  instrumentality  of  the  United  States  pursuant  to  this  section.  Such  review 
shall  consider  the  extent  to  which  such  regulations  are  consistent  with,  and  in 
furtherance  of  the  purposes  of,  the  amendments  made  by  the  Social  Security 
Number  Privacy  and  Identity  Theft  Prevention  Act  of  2007. 

"(2)  Report. — Not  later  than  4  years  after  the  effective  date  of  any  final  regu- 
lations issued  by  any  agency  or  instrumentality  of  the  United  States  pursuant 
to  this  section,  the  Comptroller  General  shall  report  to  each  House  of  the  Con- 
gress regarding  the  results  of  the  review  of  such  regulations  conducted  under 
this  paragraph.  Such  report  shall  include  the  Comptroller  General's  rec- 
ommendations for  such  statutory  or  regulatory  changes  as  the  Comptroller  Gen- 
eral considers  appropriate.". 

SEC  14.  study  on  feasibility  of  banning  social  security  account  number  as  an 
authenticator. 

(a)  Study. — As  soon  as  practicable  after  the  date  of  the  enactment  of  this  Act,  the 
Commissioner  of  Social  Security  shall  enter  into  an  arrangement  with  the  National 
Research  Council  under  which  the  Council  shall  carry  out  a  study  to  determine — 

(1)  the  extent  of  the  use  of  social  security  account  numbers  as  a  primary 
means  of  authenticating  identity; 

(2)  the  extent  of  the  use  of  social  security  account  numbers  for  verification 
in  commercial  transactions;  and 

(3)  the  feasibility  of  a  prohibition  on  such  use. 

The  study  shall  also  examine  possible  alternatives  to  social  security  account  num- 
bers for  verification  purposes  and  uses  in  authenticating  identity. 

(b)  Report. — The  arrangement  entered  into  with  the  Council  under  this  section 
shall  provide  for  submission  by  the  Council  to  the  Commissioner  and  to  each  House 
of  the  Congress  of  a  report  setting  forth  the  results  of  the  Council's  study  under  this 
section,  together  with  the  Council's  findings  and  recommendations,  no  later  than  1 
year  after  the  effective  date  of  the  initial  final  regulations  issued  by  the  Commis- 
sioner pursuant  to  the  amendments  made  by  section  2  of  this  Act. 

I.  INTRODUCTION 

A.  Purpose  and  Summary 

The  purpose  of  the  "Social  Security  Number  Privacy  and  Identity 
Theft  Prevention  Act  of  2007,"  H.R.  3046,  is  to  enhance  Social  Se- 
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curity  number  (SSN)  privacy  protections,  prevent  misuse  of  SSNs, 
and  to  otherwise  enhance  protections  against  identity  theft. 

The  bill  would  restrict  the  sale,  purchase  and  display  to  the  gen- 
eral public  of  SSNs  in  the  public  and  private  sectors;  provide  addi- 
tional measures  to  protect  SSN  privacy;  and  create  criminal  and 
civil  monetary  penalties  for  persons  who  misuse  SSNs. 

B.  Background 

The  SSN  was  created  in  1936  to  track  workers'  earnings  for  the 
purpose  of  paying  Social  Security  taxes  and  determining  eligibility 
and  benefit  amounts  upon  retirement,  or  later  upon  disability. 
Since  1936,  the  Social  Security  Administration  (SSA)  has  issued 
more  than  400  million  SSNs. 

Although  the  SSN  was  originally  created  for  administering  the 
Social  Security  program,  its  use  has  expanded  dramatically 
throughout  both  the  public  and  private  sectors.  Federal  use  of  the 
SSN  was  first  mandated  by  President  Roosevelt  in  1943  with  Exec- 
utive Order  9397.  This  Executive  Order  required  that  any  Federal 
department  establishing  a  new  system  of  permanent  account  num- 
bers pertaining  to  an  individual  must  exclusively  utilize  the  SSN 
and  that  such  personal  information  must  be  kept  confidential. 
Today  the  SSN  is  required  for  the  administration  of  a  number  of 
government  benefit  programs  and  the  Federal  income  tax. 

In  addition  to  uses  mandated  by  Federal  law,  the  SSN  is  also 
widely  used  in  the  public  and  private  sectors  for  purposes  that  are 
neither  required  nor  prohibited  by  law.  As  a  result,  the  SSN  is  gen- 
erally regarded  as  the  single-most  widely  used  record  identifier  by 
both  government  and  private  sectors  within  the  United  States. 

Ubiquitous  use  of  SSNs  and  the  ease  with  which  individuals  can 
access  another  person's  SSN  have  raised  serious  concerns  over  pri- 
vacy and  opportunities  for  identity  theft  and  fraud.  The  Federal 
Trade  Commission  (FTC),  SSA,  the  SSA  Inspector  General  and  oth- 
ers acknowledge  that  SSNs  play  a  pivotal  role  in  identity  theft. 
Even  worse,  terrorists  may  steal,  fake,  or  purchase  SSNs  in  order 
to  operate  in  our  society  and  abet  their  nefarious  acts.  The  FTC  re- 
ported in  2003  that  10  million  Americans  fell  prey  to  identity  theft 
in  the  prior  year.  A  more  recent  survey  by  Gartner,  Inc.  estimated 
the  number  of  identity  theft  victims  at  15  million  in  2006.  The  FTC 
study  found  that  victims  spent  an  estimated  $5  billion  to  rehabili- 
tate their  good  names,  and  businesses  lost  over  $50  billion  to  iden- 
tity theft-related  fraud  in  a  single  year.  Protecting  the  privacy  of 
SSNs  will  help  to  protect  our  individual  and  national  security. 

The  absence  of  overarching  Federal  law  regulating  the  sale,  pur- 
chase, and  public  display  of  SSNs,  and  the  growing  threat  rep- 
resented by  SSN  misuse  and  identity  theft,  have  prompted  a  need 
to  better  protect  the  privacy  and  integrity  of  SSNs. 

C.  Legislative  History 

During  the  106th  Congress,  the  Subcommittee  on  Social  Security 
held  hearings  on  Social  Security  program  integrity  on  March  30, 
2000  (106-38);  representative  payees  on  May  4,  2000  (106-57);  use 
and  misuse  of  SSNs  on  May  9  and  May  11,  2000  (106-108);  and 
the  processing  of  attorney's  fees  on  June  14,  2000  (106-70).  The  in- 
formation gained  from  these  hearings  led  to  the  introduction  of 
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H.R.  4857,  the  "Privacy  and  Identity  Protection  Act  of  2000,"  on 
July  13,  2000.  The  bill  enhanced  privacy  protections  for  individ- 
uals, prevented  fraudulent  misuse  of  the  SSN,  and  provided  addi- 
tional safeguards  for  Social  Security  and  Supplemental  Security  In- 
come (SSI)  beneficiaries  with  representative  payees.  A  further 
hearing  on  protecting  privacy  and  preventing  misuse  of  the  SSN 
was  held  on  July  17,  2000  (106-43).  On  July  20,  2000,  the  Sub- 
committee on  Social  Security  ordered  favorably  reported  H.R.  4857, 
as  amended.  The  Committee  on  Ways  and  Means  ordered  the  bill 
favorably  reported,  as  amended  on  September  28,  2000  (H.  Rept. 
106-996  Part  1).  The  bill  was  not  considered  by  the  full  House,  as 
other  committees  of  jurisdiction  did  not  complete  consideration  of 
the  bill. 

During  the  107th  Congress,  the  Subcommittee  on  Social  Security 
held  a  hearing  on  protecting  privacy  and  preventing  misuse  of 
SSNs  on  May  22,  2001  (107-31).  In  response  to  information  gath- 
ered at  this  hearing  and  previous  hearings  in  the  106th  Congress, 
H.R.  2036,  the  "Social  Security  Number  Privacy  and  Identity  Theft 
Prevention  Act  of  2001,"  was  introduced  on  May  25,  2001.  The  bill 
restricted  the  sale,  purchase,  and  display  of  SSNs,  limited  dissemi- 
nation of  SSNs  by  credit  reporting  agencies,  and  made  it  more  dif- 
ficult for  businesses  to  deny  services  if  a  customer  refused  to  pro- 
vide his  or  her  SSN.  Further  hearings  were  held  on  preventing 
identity  theft  by  terrorists  and  criminals,  held  jointly  with  the 
Committee  on  Financial  Services,  Subcommittee  on  Oversight  and 
Investigations  on  November  8,  2001  (107-51);  protecting  the  pri- 
vacy of  SSNs  and  preventing  identity  theft  on  April  29,  2002  (107- 
71);  and  preserving  the  integrity  of  SSNs  and  preventing  their  mis- 
use by  terrorists  and  identity  thieves,  held  jointly  with  the  Com- 
mittee on  Judiciary,  Subcommittee  on  Immigration,  Border  Secu- 
rity, and  Claims  on  September  19,  2002  (107-81).  Neither  the 
House  nor  the  Senate  acted  on  the  bill. 

During  the  108th  Congress,  the  Subcommittee  on  Social  Security 
held  a  hearing  on  the  use  and  misuse  of  SSNs  on  July  10,  2003 
(108-35).  The  Government  Accountability  Office  (GAO— then 
known  as  the  General  Accounting  Office)  witness  testified  that 
SSNs  are  widely  utilized  in  both  the  public  and  private  sectors  as 
an  identifier,  and  cited  numerous  examples  where  public  and  pri- 
vate databases  had  been  compromised  and  personal  data,  including 
SSNs,  had  been  stolen.  They  also  found  that  in  some  cases,  the  dis- 
play of  SSNs  in  public  records  and  easily  accessible  websites  pro- 
vided an  opportunity  for  identity  thieves.  The  SSA  Inspector  Gen- 
eral testified  that  the  most  important  step  in  preventing  SSN  mis- 
use is  to  limit  its  easy  availability  through  public  records,  sale  on 
the  open  market,  and  unnecessary  use.  Consumer  advocate  wit- 
nesses testified  regarding  the  growing  crime  of  identity  theft,  its 
impact  on  victims,  and  the  need  to  protect  the  privacy  of  SSNs.  A 
law  enforcement  witness  testified  that  SSNs  are  key  to  the  take- 
over of  another  individual's  identity,  described  difficulties  in  pros- 
ecuting identity  theft,  and  stated  the  need  to  restrict  SSN  use  to 
necessary  purposes. 

Based  on  information  gathered  at  this  hearing  and  hearings  in 
previous  Congresses,  Social  Security  Subcommittee  Chairman  E. 
Clay  Shaw,  Jr.  and  Ranking  Member  Robert  T.  Matsui  introduced 
H.R.  2971,  the  "Social  Security  Number  Privacy  and  Identity  Theft 
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Prevention  Act  of  2003,"  on  July  25,  2003.  The  bill  was  referred  to 
the  Committee  on  Ways  and  Means,  the  Committee  on  Financial 
Services,  and  the  Committee  on  Energy  and  Commerce.  The  Sub- 
committee on  Social  Security  held  a  further  hearing  on  enhancing 
SSN  privacy  on  June  15,  2004,  and  marked  up  the  bill  on  July  15, 
2004.  The  bill  was  reported  favorably  to  the  full  Committee  on 
Ways  and  Means  on  July  15,  2004,  as  amended,  by  voice  vote.  On 
July  21,  2004,  the  Committee  on  Ways  and  Means  marked  up  H.R. 
2971,  as  amended  by  the  Subcommittee.  Chairman  Thomas  offered 
an  amendment  in  the  nature  of  a  substitute,  which  was  agreed  to 
by  voice  vote.  The  Committee  then  ordered  favorably  reported  H.R. 
2971,  as  amended,  by  a  roll  call  vote  of  33  yeas  to  0  nays.  The  bill 
was  not  considered  by  the  full  House,  as  other  committees  of  juris- 
diction did  not  complete  consideration  of  the  bill. 

In  addition,  during  the  106th,  107th,  108th  and  109th  Con- 
gresses, Subcommittee  Chairman  Shaw  and  other  Members  of  Con- 
gress asked  the  GAO  for  a  number  of  reports  to  inform  the  debate 
on  SSN  privacy  and  integrity.  These  reports  explained  how  govern- 
ment agencies  and  private  sector  businesses  such  as  consumer  re- 
porting agencies,  information  resellers,  and  health  care  organiza- 
tions collect,  utilize,  and  safeguard  SSNs  (Social  Security:  Govern- 
ment and  Commercial  Use  of  the  Social  Security  Number  is  Wide- 
spread, GAO/HEHS-99-28;  Social  Security  Numbers:  Government 
Benefits  from  SSN  Use  But  Could  Provide  Better  Safeguards, 
GAO-02-352;  Social  Security  Numbers:  Private  Sector  Entities 
Routinely  Obtain  and  Use  SSNs,  and  Laws  Limit  the  Disclosure  of 
This  Information,  GAO  04-11;  Social  Security  Numbers:  Use  is 
Widespread  and  Protections  Vary,  GAO-04-768T;  Personal  Infor- 
mation: Key  Federal  Privacy  Laws  Do  Not  Require  Information  Re- 
sellers to  Safeguard  All  Sensitive  Data,  GAO-06-674). 

During  the  109th  Congress,  the  Subcommittee  on  Social  Security 
held  a  series  of  five  hearings  on  SSN  high  risk  issues.  The  hearings 
addressed  the  role  of  SSNs  in  abetting  identity  theft,  and  discussed 
the  impact  of  prohibiting  or  restricting  the  use,  sale,  purchase,  or 
display  of  SSNs  by  individuals,  businesses,  or  the  government. 
Based  on  these  and  prior  hearings,  Subcommittee  Chairman  Shaw 
and  Full  Committee  Ranking  Member  Charles  B.  Rangel  intro- 
duced H.R.  1745,  the  "Social  Security  Number  Privacy  and  Identity 
Theft  Protection  Act  of  2005,"  on  April  20,  2005.  The  bill  was  re- 
ferred to  the  Committee  on  Ways  and  Means,  the  Committee  on  Fi- 
nancial Services,  and  the  Committee  on  Energy  and  Commerce. 
The  bill  was  not  reported. 

During  the  110th  Congress,  the  Subcommittee  on  Social  Security 
held  a  hearing  on  protecting  the  privacy  of  the  SSN  from  identity 
theft  on  June  21,  2007.  The  GAO  witness  testified  that  SSNs  are 
vulnerable  to  misuse  because  there  is  no  Federal  standard  for  trun- 
cating SSNs,  which  allows  identity  thieves  to  piece  together  por- 
tions of  SSNs  from  different  sources.  The  SSA  Inspector  General 
testified  that  Federal  efforts  to  protect  the  SSN  should  be  improved 
by  limiting  the  use  of  the  SSNs  on  school  and  hospital  identifica- 
tion cards.  An  expert  on  technology  and  data  privacy  testified  that 
the  SSN  should  not  be  used  as  an  identifier  or  authenticator,  that 
steps  should  be  taken  to  reduce  the  use  and  exposure  of  SSNs,  and 
that  businesses  have  alternatives  to  over-reliance  on  SSNs  for 
record  matching  and  verification.  Also  during  the  110th  Congress, 
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GAO  issued  a  report  identifying  which  Federal  agencies  provide 
records  containing  SSNs  to  state  and  local  record  keepers,  and  the 
significant  vulnerabilities  that  remain  in  the  protection  of  SSNs  in 
public  records  (Social  Security  Numbers:  Federal  Actions  Could 
Further  Decrease  Availability  in  Public  Records,  though  Other 
Vulnerabilities  Remain,  GAO-07-752). 

Based  on  information  gathered  at  this  hearing  and  hearings  in 
previous  Congresses,  Social  Security  Subcommittee  Chairman  Mi- 
chael R.  McNulty  and  Ranking  Member  Sam  Johnson  introduced 
H.R.  3046,  the  "Social  Security  Number  Privacy  and  Identity  Theft 
Prevention  Act  of  2007,"  on  July  16,  2007.  The  bill  was  referred  to 
the  Committee  on  Ways  and  Means.  On  July  18,  2007,  the  Com- 
mittee marked-up  the  bill;  and  Chairman  Rangel  offered  an  amend- 
ment in  the  nature  of  a  substitute,  which  was  agreed  to  by  voice 
vote.  The  Committee  then  ordered  favorably  reported  H.R.  3046,  as 
amended,  by  a  rollcall  vote  of  41  yeas  to  0  nays. 

II.  SECTION-BY-SECTION  SUMMARY 

Sec.  1.  Short  title 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

Section  1  provides  that  the  Act  may  be  cited  as  the  "Social  Secu- 
rity Number  Privacy  and  Identity  Theft  Prevention  Act  of  2007." 

REASON  FOR  CHANGE 

The  section  identifies  the  short  title  for  the  bill. 

Sec.  2.  Restrictions  on  the  sale  or  display  to  the  general  public  of 
Social  Security  account  numbers  by  governmental  entities 

CURRENT  LAW 

The  SSN  is  required  by  law  for  the  administration  of  a  number 
of  Federal  programs.  In  addition,  Federal  law  permits  States  to  re- 
quire the  SSN  in  the  administration  of  certain  State  programs,  and 
in  other  cases  Federal  law  requires  the  States  to  use  the  SSN  in 
the  administration  of  Federal  or  State  programs.  No  Federal  law 
regulates  the  overall  use  of  SSNs  by  Federal,  State  or  local  govern- 
ments. The  "Department  of  Transportation  and  Related  Agencies 
Appropriations  Act"  (P.L.  106-346)  amended  the  "Driver's  Privacy 
Protection  Act  of  1994"  (P.L.  103-322)  to  require  States  to  obtain 
express  consent  of  drivers  before  sharing  or  selling  drivers'  "highly 
restricted  personal  information,"  including  SSNs,  except  under  very 
limited  circumstances. 

EXPLANATION  OF  PROVISION 

The  bill  would  restrict  the  sale  or  display  to  the  general  public 
of  full  or  partial  SSNs  by  Federal,  State  or  local  governmental 
agencies  and  their  agents,  by  a  Federally  recognized  Indian  tribe, 
or  by  a  bankruptcy  trustee.  The  sale  of  SSNs  would  be  permitted 
as  follows: 
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1.  As  specifically  authorized  by  the  "Social  Security  Act"  (P.L. 
74-271)  or  the  "Privacy  Act  of  1974"  (P.L.  93-579),  which  includes 
data-matching  performed  by  SSA  and  reimbursed  by  other  agencies 
for  the  administration  of  programs  whose  purposes  are  compatible 
with  the  Social  Security  Act; 

2.  For  law  enforcement  or  national  security  purposes; 

3.  For  tax  compliance; 

4.  By  State  departments  of  motor  vehicles  for  use  by  a  govern- 
ment agency  in  carrying  out  its  functions;  for  use  by  an  insurer  for 
claims  investigation,  anti-fraud  activities,  and  rating  or  under- 
writing; and  for  use  by  an  employer  to  obtain  or  verify  information 
about  a  holder  of  a  commercial  driver's  license; 

5.  To  a  consumer  reporting  agency  under  the  "Fair  Credit  Re- 
porting Act"  (FCRA,  P.L.  91-508)  solely  for  use  or  disclosure  for 
permissible  purposes  under  the  FCRA  as  follows:  as  ordered  by  a 
court  or  a  Federal  grand  jury  subpoena;  as  instructed  by  the  con- 
sumer in  writing;  for  the  extension  of  credit  based  on  a  consumer's 
application;  for  review  or  collection  of  a  consumer's  account;  for  em- 
ployment purposes;  for  insurance  underwriting  based  on  a  con- 
sumer's application;  when  there  is  a  legitimate  business  need  re- 
garding a  transaction  the  consumer  initiates;  to  review  whether  a 
customer  meets  the  terms  of  his  or  her  account;  to  determine  a  con- 
sumer's eligibility  for  a  license  or  other  benefit  granted  by  a  gov- 
ernment agency;  to  analyze  the  credit  or  prepayment  risks  associ- 
ated with  an  existing  credit  obligation;  and  for  use  by  State  and 
local  officials  for  child  support  payment  purposes; 

6.  For  government  research  advancing  the  public  good. 

In  addition,  the  Commissioner  of  Social  Security  would  be  per- 
mitted to  authorize  sale  and  display  to  the  general  public  of  SSNs 
in  other  circumstances  as  determined  appropriate. 

The  restrictions  on  sale  or  display  to  the  general  public  of  SSNs 
would  not  apply  to  SSNs  of  deceased  persons. 

The  restrictions  that  would  be  established  under  this  provision 
would  not  override  other  restrictions  or  limitations  in  Federal  or 
State  law  or  regulations  in  effect  to  the  extent  that  they  provide 
greater  protections  for  SSNs  than  would  be  created  under  this  bill. 

The  bill  would  define  "governmental  entity"  as  an  executive,  leg- 
islative, or  judicial  agency  or  instrumentality  of  the  Federal  or 
State  government,  including  a  Federally  recognized  Indian  tribe,  a 
bankruptcy  trustee,  and  agents  of  the  entity. 

The  bill  would  define  "sell"  as  obtaining  anything  of  value,  di- 
rectly or  indirectly,  in  exchange  for  an  SSN.  However,  the  submis- 
sion of  the  SSN  in  the  process  of  applying  for  government  benefits 
or  programs,  and  in  the  administration  of  an  employee  benefit 
plan,  would  not  be  considered  a  sale. 

"Display  to  the  general  public"  would  mean  to  intentionally  place 
an  SSN  in  a  viewable  manner  on  an  Internet  site  that  is  available 
to  the  general  public  or  to  provide  access  to  the  general  public  by 
other  means.  In  addition,  requiring  an  individual  to  transmit  his 
or  her  SSN  over  the  Internet  without  ensuring  the  number  is 
encrypted  or  otherwise  protected  would  be  considered  a  prohibited 
display  to  the  general  public. 

"Social  Security  account  number"  would  include  a  partial  SSN. 
However,  the  bill  would  provide  a  temporary  exemption  permitting 
government  entities  to  sell  and  publicly  display  the  last  four  digits 
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of  an  SSN  for  two  years  after  the  effective  date  of  the  final  regula- 
tions. 

REASON  FOR  CHANGE 

The  Federal  government  created  the  SSN,  under  the  authority  of 
the  Social  Security  Act,  and  its  use  has  since  been  required  for  a 
broad  range  of  interactions  between  individuals  and  the  govern- 
ment, including  tax  administration,  many  benefit  programs,  and 
driver's  and  professional  licenses.  While  there  are  laws  protecting 
the  privacy  of  SSNs  held  by  certain  agencies  or  under  specific  cir- 
cumstances, there  is  no  comprehensive  law  protecting  the  privacy 
of  SSNs  held  by  Federal,  State,  and  local  government  agencies.  As 
a  result,  SSNs  may  be  sold,  displayed  on  the  Internet,  or  otherwise 
made  available  to  the  general  public  on  paper,  computer  disk,  or 
other  means  to  individuals  requesting  a  copy — for  example  through 
open  court  or  other  government  records — and  may  be  obtained  by 
third  parties  who  can  subsequently  sell  or  display  the  information 
to  others. 

Since  SSNs  are  the  key  to  accessing  an  individual's  financial  and 
other  personal  information,  the  wide  accessibility  of  SSNs  has 
raised  serious  concerns  over  privacy.  Testimony  before  the  Sub- 
committee on  Social  Security  highlights  the  relative  ease  by  which 
an  individual  can  obtain  another  person's  SSN  and  use  the  infor- 
mation to  commit  identity  theft  or  other  crimes.  Restricting  the  dis- 
play to  the  general  public  and  sale  of  SSNs  by  governments  will 
help  curb  fraudulent  activity  by  making  it  more  difficult  for  crimi- 
nals to  access  this  personal  information. 

The  bill  would  provide  specific  exceptions  to  permit  the  continu- 
ation of  SSN  exchanges  that  provide  important  benefits  in  the  pub- 
lic interest  such  as  law  enforcement;  administration  of  government 
programs,  including  SSI,  Medicaid,  and  unemployment  insurance; 
administration  of  employee  benefits;  limited  commercial  purposes 
such  as  granting  credit  and  insurance;  tax  administration;  and  gov- 
ernment research  advancing  the  public  good. 

In  addition,  authority  would  be  given  to  the  Commissioner  to  au- 
thorize sale  and  display  to  the  general  public  of  SSNs  as  deter- 
mined appropriate  under  guidelines  specified  in  section  13  of  the 
bill.  Since  SSN  use  is  so  pervasive  in  both  the  public  and  private 
sectors,  is  linked  to  so  many  government  and  business  trans- 
actions, and  because  of  evolving  needs  regarding  SSN  utilization 
and  new  technologies  to  facilitate  information  exchanges,  this  ex- 
ception is  intended  to  allow  the  Commissioner  or  agencies  to  which 
it  delegates  authority  to  thoroughly  evaluate  how  SSNs  are  sold 
and  displayed,  the  degree  to  which  they  are  convenient  versus  es- 
sential to  such  exchanges,  and  to  modify  the  rules  as  needed.  How- 
ever, it  is  expected  that  this  authority  would  be  used  extremely  ju- 
diciously, and  not  merely  for  the  sake  of  facilitating  transactions  or 
data-matching  that  could  be  reasonably  accomplished  without  the 
use  of  the  SSN.  In  comparing  the  costs  and  benefits  of  authorizing 
SSN  sale  or  display  to  the  general  public  and  whether  the  author- 
ization serves  a  compelling  public  interest  that  cannot  reasonably 
be  served  through  alternative  measures,  it  is  expected  that  the 
Commissioner  and  other  agencies  would  give  significant  weight  to 
the  need  to  maintain  individuals'  privacy  and  safety,  as  well  as  the 
bill's  purpose  of  preventing  identity  theft. 
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With  respect  to  the  exception  for  research  advancing  the  public 
good,  the  intent  is  to  preserve  the  government's  ability  to  conduct 
scientific,  epidemiological,  and  social  scientific  research  that  would 
benefit  the  public.  In  the  case  of  research  involving  medical  infor- 
mation on  individuals,  it  is  expected  that  SSA  will  only  authorize 
sale  of  SSNs  in  strict  compliance  with  Federal  rules  and  regula- 
tions on  the  privacy  of  medical  information. 

The  bill  also  provides  a  "transition  rule,"  which  permits  the  gov- 
ernment to  use  the  last  four  digits  of  the  SSN  where  the  sale  or 
public  display  is  otherwise  prohibited,  to  provide  a  period  of  transi- 
tion to  less  reliance  overall  on  the  SSN  and  its  derivatives.  In  com- 
bination with  the  effective  date  of  the  implementation  rules,  this 
transition  rule  permits  government  sale  and  display  of  the  SSN  for 
four  and  one-half  years  after  enactment,  in  order  to  accommodate 
the  transition  to  the  prohibitions  on  sale  and  public  display. 

The  restrictions  on  sale  and  display  to  the  general  public  of  SSNs 
would  not  apply  to  the  SSNs  of  deceased  persons.  This  is  because 
the  sale  and  public  availability  of  information  on  deceased  individ- 
uals is  necessary  to  prevent  waste,  fraud,  and  abuse.  SSA  compiles 
a  Death  Master  File  (DMF),  which  contains  the  name,  date  of 
birth,  date  of  death,  SSN,  and  other  information  for  about  70  mil- 
lion individuals.  The  SSA  DMF  is  used  by  leading  government,  fi- 
nancial, investigative,  and  credit  reporting  organizations,  in  med- 
ical research  and  by  other  industries  to  verify  identity  as  well  as 
to  prevent  fraud  and  comply  with  the  "Uniting  and  Strengthening 
America  by  Providing  Appropriate  Tools  Required  to  Intercept  and 
Obstruct  Terrorism  Act  of  2001"  (USA  PATRIOT  Act,  P.L.  107-56). 

The  restrictions  on  sale  and  display  by  government  agencies, 
trustees,  and  their  agents  would  only  apply  to  SSNs  they  require 
individuals  or  others  to  provide.  During  Social  Security  Sub- 
committee hearings  on  the  bill,  court  and  other  public  records  ad- 
ministrators testified  they  receive  numerous  documents  filed  by  in- 
dividuals, businesses,  and  attorneys  that  often  include  SSNs  the 
government  did  not  require  to  be  submitted,  and  of  which  they  are 
therefore  unaware.  They  stated  redaction  of  "incidentally"  included 
SSNs  would  create  a  serious  administrative  burden,  and  it  would 
require  significant  resources  to  review  each  document  and  redact 
such  incidental  SSNs.  Therefore,  the  bill  would  make  government 
agencies,  trustees,  and  their  agents  responsible  only  for  those  SSNs 
they  require  individuals  to  submit,  since  they  should  be  able  to  eas- 
ily locate  and  redact  them.  For  example,  a  court  requiring  individ- 
uals to  provide  their  SSNs  on  a  coversheet  for  filed  documents 
could  remove  the  coversheet  or  redact  the  SSN  before  selling  the 
court  record  or  displaying  it  to  the  general  public.  With  respect  to 
SSNs  submitted  in  court  documents  absent  the  court's  requirement 
to  do  so,  the  individual  communicating  the  SSN  in  the  document, 
not  the  court,  would  be  held  responsible  according  to  section  8  of 
the  bill. 

The  restrictions  established  under  this  bill  would  serve  as  a  floor 
of  protection  for  SSNs,  and  are  not  intended  to  override  SSN  pro- 
tections in  Federal  or  State  law  or  regulations  in  effect  to  the  ex- 
tent they  provide  greater  restrictions  on  SSN  sale,  purchase,  or  dis- 
play to  the  general  public  than  would  be  created  under  the  bill.  For 
example,  this  bill  is  not  intended  to  circumvent  the  provision  in- 
cluded in  section  1735  of  the  "Food,  Agriculture,  Conservation,  and 
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Trade  Act  of  1990"  (P.L.  101-624)  preventing  the  disclosure  of 
SSNs  maintained  as  the  result  of  laws  enacted  on  or  after  October 
1,  1990. 

EFFECTIVE  DATE 

Initial  final  regulations  to  carry  out  the  provisions  would  have  to 
be  issued  by  the  Commissioner  of  Social  Security  or  any  other 
agency  to  which  the  Commissioner  delegates  authority  within  18 
calendar  months  after  the  date  of  enactment.  The  provisions  would 
take  effect  one  year  after  issuance  of  initial  final  regulations.  The 
provisions  would  not  apply  to  display  of  records  generated  prior  to 
the  date  the  provisions  become  effective.  The  temporary  exemption 
to  allow  sale  and  display  of  the  last  four  digits  of  the  SSN  would 
expire  two  years  after  the  effective  date  of  the  initial  final  regula- 
tions. 

Sec.  3.  Prohibition  of  display  of  Social  Security  account  numbers  on 
checks  issued  for  payment  by  governmental  entities 

CURRENT  LAW 

No  Federal  law  regulates  the  overall  use  of  SSNs  by  Federal, 
State,  or  local  governments.  However,  the  "Social  Security  Number 
Confidentiality  Act  of  2000"  (P.L.  106-433)  specifically  directed  the 
Secretary  of  the  Treasury  to  take  necessary  action  to  ensure  that 
SSNs  are  not  visible  on  or  through  unopened  mailings  of  checks  or 
other  drafts. 

EXPLANATION  OF  PROVISION 

The  bill  would  prohibit  Federal,  State,  or  local  governments,  or 
bankruptcy  trustees,  from  including  full  or  partial  SSNs  on  checks 
issued  for  payment  or  on  any  documents  accompanying  checks. 

REASON  FOR  CHANGE 

The  Subcommittee  on  Social  Security  has  heard  testimony  from 
the  Postal  Inspection  Service  and  consumer  advocates  that  mail 
theft  and  rifling  through  trash  for  discarded  documents  are  means 
by  which  identity  thieves  gain  access  to  personal  information,  in- 
cluding SSNs. 

EFFECTIVE  DATE 

Provision  would  apply  with  respect  to  checks  (and  documents  at- 
tached to  or  accompanying  such  checks)  issued  after  one  year  after 
enactment. 

Sec.  4.  Prohibition  of  the  display  of  Social  Security  account  num- 
bers on  certain  government  identification  cards  or  tags 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

The  bill  would  prohibit  government  agencies  and  those  providing 
employee  benefits  for  a  government  agency  from  displaying  an  indi- 
vidual's full  or  partial  SSN  on  any  identification  card  or  tag  issued 
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to  employees  or  employees'  family  members;  on  identification  cards 
issued  to  students  at  government  educational  institutions;  on  iden- 
tification tags  issued  to  patients  at  government  medical  institu- 
tions; and  on  Medicare  cards.  This  would  include  use  of  a  magnetic 
strip,  bar  code,  or  other  means  of  communication  to  convey  the  full 
or  partial  SSN. 

REASON  FOR  CHANGE 

SSNs  are  often  utilized  as  employee  identification  numbers  or 
customer  account  numbers  for  the  sake  of  convenience.  However, 
the  display  of  SSNs  on  military  identification  tags,  employee  identi- 
fication cards,  student  identification  cards,  patient  identification 
cards  and  tags,  health  benefit  cards,  the  Medicare  card,  customer 
cards,  and  on  other  cards  or  tags  that  are  required  to  be  submitted 
or  displayed  to  others,  which  are  frequently  carried  in  individuals' 
wallets,  unnecessarily  increases  the  risk  of  identity  theft.  Similar 
prohibitions  have  been  enacted  under  several  State  laws,  and  the 
Centers  for  Medicare  and  Medicaid  Services  and  the  Department  of 
Defense  are  both  evaluating  their  use  of  SSNs  in  light  of  identity 
theft  concerns.  This  provision  is  not  intended  to  prevent  inclusion 
of  encrypted  SSNs  (those  that  are  transformed  by  a  secret  code  to 
appear  as  other  than  the  nine-digit  number  assigned  by  the  Com- 
missioner of  Social  Security  when  read  or  otherwise  accessed  by 
unauthorized  parties). 

EFFECTIVE  DATE 

Provision  would  apply  with  respect  to  cards  or  tags  issued  after 
one  year  after  enactment,  except  for  Medicare  cards,  for  which  the 
prohibition  would  first  apply  two  and  one-half  years  after  enact- 
ment. 

Sec.  5.  Prohibition  of  inmate  access  to  Social  Security  account  num- 
bers 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

The  bill  would  prohibit  Federal,  State  or  local  governments  from 
employing  prisoners  in  any  capacity  that  would  allow  prisoners  ac- 
cess to  full  or  partial  SSNs  of  other  individuals. 

REASON  FOR  CHANGE 

Prisoners,  including  those  who  may  have  been  incarcerated  for 
identity  theft,  should  not  have  access  to  SSNs  or  derivatives  of 
SSNs,  thereby  posing  a  serious  risk  of  identity  theft  or  fraud.  The 
Subcommittee  on  Social  Security  has  heard  testimony  regarding  a 
serious  instance  where  use  of  prisoner  labor  to  process  personal  in- 
formation resulted  in  a  case  of  stalking  {Beverly  Dennis,  et  al  v. 
Metromail,  et  al,  No.  96-04451,  District  Court,  Travis  County, 
Texas). 
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EFFECTIVE  DATE 

Provision  would  apply  with  respect  to  employment  or  entry  into 
contract  for  employment  of  prisoners  on  or  after  enactment.  In  the 
case  of  employment  or  contracts  for  employment  in  effect  on  the 
date  of  enactment,  provision  would  take  effect  90  days  after  enact- 
ment. 

Sec.  6.  Measures  to  preclude  unauthorized  disclosure  by  govern- 
mental entities  of  Social  Security  account  numbers  and  protect 
the  confidentiality  of  such  numbers 

CURRENT  LAW 

The  Social  Security  Act  requires  officers  and  employees  of  Fed- 
eral and  State  governments  to  keep  SSNs  and  related  records  con- 
fidential. It  also  prohibits  officers  and  employees  from  disclosing 
SSNs  or  related  records. 

The  Privacy  Act  of  1974  requires  Federal  agencies  to  establish 
appropriate  administrative,  technical  and  physical  safeguards  to 
ensure  the  security  and  confidentiality  of  the  agencies'  systems  of 
records.  The  term  "records"  includes  any  personally  identifiable 
item  or  information  about  an  individual  that  is  maintained  by  an 
agency. 

EXPLANATION  OF  PROVISION 

With  respect  to  Federal,  State,  and  local  government  employees 
and  their  agents,  the  bill  would  restrict  access  to  SSNs  and  any  de- 
rivative thereof  to  employees  whose  responsibilities  require  access 
for  administration  or  enforcement  of  the  government  agency's  func- 
tions. Government  agencies  and  their  agents  would  be  required  to 
provide  safeguards  to  prevent  unauthorized  access  to  SSNs  and 
protect  their  confidentiality. 

REASON  FOR  CHANGE 

There  have  been  numerous  reported  cases  of  computer  hackers 
obtaining  SSNs  from  universities  and  other  institutions.  In  addi- 
tion, the  Subcommittee  on  Social  Security  has  heard  testimony  on 
how  identity  theft  rings  may  plant  an  employee  inside  an  organiza- 
tion to  access  SSNs  and  other  personal  information.  Finally,  there 
have  been  numerous  recent  instances  where  government  agencies 
have  failed  to  adequately  secure  confidential  data  which  includes 
SSNs,  such  as  the  U.S.  Department  of  Veterans  Affairs  and  the 
State  of  Ohio. 

Also,  the  Personal  Responsibility  and  Work  Opportunity  Act  of 
1996  (P.L.  105-33)  requires  state  agencies  to  collect  SSNs  from  ap- 
plicants for  professional  licenses,  drivers'  licenses  and  marriage  li- 
censes. In  1997,  the  Balanced  Budget  Act  (P.L.  104-193)  amended 
this  requirement  to  include  recreational  licenses.  The  goal  of  these 
provisions  was  to  enhance  the  ability  of  family  support  agencies  to 
locate  parents  who  were  not  supporting  their  children  and  enforce 
child  support  payment  orders. 

Citizens  obtain  drivers  licenses,  professional  licenses  and  mar- 
riage licenses  in  government  offices.  Hunting,  fishing  and  boating 
licenses,  in  addition  to  being  available  through  government  offices 
or  online,  are  typically  sold  in  retail  stores,  outdoor  marinas,  or 
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public  parks,  where,  according  to  testimony  provided  to  the  Sub- 
committee on  Social  Security  in  2006,  transactions  are  relatively 
open;  employees  processing  the  sale  are  often  young,  seasonal 
workers  with  very  little  training  of  any  type;  and  data  security  pro- 
tocols rarely  include  more  than  closing  the  cover  on  the  receipt 
book. 

The  Committee  believes  that  government  agencies  and  their 
agents  (as  in  the  case  of  retailers  of  recreational  licenses)  that  ask 
or  require  individuals  to  provide  their  SSN  to  obtain  benefits  or 
services  have  a  responsibility  to  safeguard  SSNs  from  unauthorized 
access  by  employees  or  other  individuals. 

This  provision  is  not  intended  to  prevent  government  employees 
or  those  to  whom  government  agencies  contract  work  from  access- 
ing SSNs  in  cases  where  it  is  necessary  for  performance  of  their 
duties,  or  to  impede  data  exchanges  between  government  agencies 
that  include  SSN  information  and  are  in  accordance  with  section 
2  of  the  bill.  For  example,  it  is  not  the  intent  to  prevent  State  un- 
employment insurance  agencies  from  sending  wage  records  or  claim 
information  to  other  Federal,  State,  or  local  government  agencies 
(e.g.  for  purposes  of  determining  eligibility  or  benefit  amounts  for 
Temporary  Assistance  to  Needy  Families,  Housing  and  Urban  De- 
velopment assistance,  Food  Stamps,  SSI,  etc.). 

EFFECTIVE  DATE 

Provision  would  take  effect  one  year  after  the  date  of  enactment. 

Sec.  7.  Uniform  standards  for  truncation  of  the  Social  Security  ac- 
count number 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

This  bill  would  restrict  the  sale,  purchase,  and  public  display  of 
the  SSN,  and  certain  other  uses  of  the  SSN,  in  both  the  public  and 
private  sectors.  In  situations  not  regulated  by  this  bill,  government 
entities  and  the  private  sector  may  voluntarily  choose  to  use  a 
truncated  version  of  the  SSN.  However,  if  they  choose  to  do  so,  the 
bill  would  require  any  truncated  version  of  an  individual's  SSN  to 
be  limited  to  not  more  than  the  last  four  digits  of  the  SSN. 

REASON  FOR  CHANGE 

A  2007  report  by  the  GAO  (Social  Security  Numbers:  Federal  Ac- 
tions Could  Decrease  Availability  in  Public  Records,  though  Other 
Vulnerabilities  Remain,  GAO-07-752),  recommended  that  Con- 
gress enact  truncation  standards  for  SSNs.  GAO  found  that  be- 
cause there  are  no  uniform  truncation  standards,  identity  thieves 
may  be  able  to  reconstruct  full  SSNs  by  combining  different  trun- 
cated versions  of  the  SSN  available  from  public  and  private 
sources.  This  bill  would  create  a  uniform  truncation  standard — lim- 
ited to  no  more  than  the  last  four  digits  of  the  SSN,  which  are  ran- 
domly generated — with  which  government  and  private  sector  enti- 
ties must  comply  to  limit  identity  thieves'  access  to  full  or  partial 
SSNs. 
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EFFECTIVE  DATE 

Initial  final  regulations  to  carry  out  the  provisions  would  have  to 
be  issued  by  the  Commissioner  (or  any  agency  to  which  it  delegates 
authority)  within  18  calendar  months  after  the  date  of  enactment. 
The  provision  would  take  effect  one  year  after  issuance  of  initial 
final  regulations. 

Sec.  8.  Prohibition  of  the  sale,  purchase,  and  display  to  the  general 
public  of  the  Social  Security  account  number  in  the  private  sec- 
tor 

CURRENT  LAW 

The  Gramm-Leach-Bliley  Act  (GLBA,  P.L.  106-102)  restricts  the 
ability  of  financial  institutions  to  disclose  nonpublic  personal  infor- 
mation about  consumers,  including  SSNs,  to  nonaffiliated  third 
parties,  although  consumers  must  opt-out  of  such  sharing  arrange- 
ments. Moreover,  GLBA  allows  financial  institutions  to  sell  SSNs 
among  their  affiliates,  who  may  number  in  the  thousands  and  may 
not  themselves  be  financial  institutions.  Consumers  have  no  opt- 
out  right  under  GLBA  against  selling  of  SSNs  to  affiliates,  which 
is  often  done  for  marketing  purposes. 

FCRA  regulates  businesses  that  regularly  provide  information 
about  consumers  to  third  parties  for  purposes  of  determining  eligi- 
bility for  credit,  employment,  insurance,  and  for  any  other  legiti- 
mate business  need  in  a  transaction  initiated  by  a  consumer.  Enti- 
ties that  provide  such  reports  on  consumers  are  considered  to  fall 
under  FCRA's  coverage.  Moreover,  FCRA  requires  companies  that 
provide  such  information  to  abide  by  certain  consumer  protections, 
such  as  allowing  consumers  to  view  and  correct  inaccuracies  in 
such  reports. 

The  "Health  Insurance  Portability  and  Accountability  Act" 
(HIPAA,  P.L.  104-191)  Privacy  Rule  limits  health  plans,  health 
care  clearinghouses,  and  health  care  providers  from  disclosing  cer- 
tain protected  information,  including  SSNs.  Individuals  must  give 
specific  authorization  before  health  care  providers  and  other  cov- 
ered entities  may  disclose  protected  information  in  most  non-rou- 
tine circumstances. 

However,  no  Federal  law  regulates  the  overall  sale,  purchase, 
and  display  to  the  general  public  of  SSNs  in  the  private  sector. 

EXPLANATION  OF  PROVISION 

The  bill  would  prohibit  the  sale,  purchase  or  display  to  the  gen- 
eral public  of  a  full  or  partial  SSN.  It  also  prohibits  using  an  SSN 
to  find  an  individual  with  the  intent  to  harass,  harm,  or  physically 
injure  the  individual,  or  using  the  individual's  identity  for  illegal 
purposes. 

The  bill  would  provide  exceptions  to  the  prohibitions  on  SSN  sale 
and  purchase  for  law  enforcement,  including  but  not  limited  to  en- 
forcement of  a  child  support  obligation;  national  security  purposes; 
public  health;  in  emergency  situations  to  protect  the  health  or  safe- 
ty of  one  or  more  individuals;  for  tax  compliance;  by  or  to  a  con- 
sumer reporting  agency  for  use  or  disclosure  for  permissible  pur- 
poses described  in  FCRA  (see  Explanation  of  Provision  under  sec- 
tion 2  of  the  bill);  and  government  or  publicly-funded  research  (for 
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advancing  the  public  good  and  with  restrictions  to  protect  privacy 
of  individuals). 

The  bill  would  also  provide  an  exception  for  sale  and  purchase 
of  SSNs  with  the  affirmative,  written  consent  of  the  individual  so 
long  as  consent  is  voluntary,  the  terms  are  presented  clearly  and 
conspicuously,  and  the  individual  may  limit  the  sale  or  purchase  to 
purposes  directly  associated  with  the  transaction. 

In  addition,  the  Commissioner  of  Social  Security  would  be  per- 
mitted to  authorize  sale,  purchase  or  public  display  of  SSNs  in 
other  circumstances  as  deemed  appropriate. 

The  bill  would  prohibit  the  display  of  the  full  or  partial  SSN  of 
another  person  on  any  check  issued  for  payment  or  on  any  docu- 
ments accompanying  checks. 

The  bill  would  prohibit  the  unauthorized  disclosure  of  another 
person's  SSN  to  a  government  agency  or  instrumentality  that  did 
not  request  the  SSN. 

In  addition,  the  bill  would  prohibit  the  display  of  full  or  partial 
SSNs  on  employee  identification  cards  or  tags,  or  cards  or  tags 
businesses  and  others  require  individuals  to  use  to  access  goods 
and  services.  The  restrictions  would  also  prohibit  including  the 
SSN  on  a  magnetic  strip,  bar  code,  or  other  means  which  would 
convey  the  SSN. 

The  bill  would  require  businesses  and  other  entities  that  collect 
and  store  SSNs  to  prevent  unauthorized  access  by  employees  or 
other  individuals. 

These  prohibitions  would  not  apply  to  SSNs  of  deceased  persons. 

The  restrictions  that  would  be  established  under  this  provision 
would  not  override  other  restrictions  or  limitations  in  Federal  or 
State  law  or  regulations  in  effect  to  the  extent  they  provide  greater 
protections  for  SSNs  than  would  be  created  under  this  provision  in 
the  bill. 

The  bill  would  define  a  "person"  to  which  these  prohibitions 
apply  as  any  individual,  partnership,  corporation,  trust,  estate,  co- 
operation, association,  or  any  other  entity,  other  than  a  govern- 
mental entity. 

The  bill  would  define  "sell"  as  obtaining,  directly  or  indirectly, 
anything  of  value  in  exchange  for  the  SSN.  "Purchase"  would  mean 
to  provide,  directly  or  indirectly,  anything  of  value  in  exchange  for 
the  SSN.  The  terms  "sell"  and  "purchase"  would  not  include  sub- 
mission of  the  SSN  when  applying  for  government  benefits  or  pro- 
grams, use  of  SSNs  in  administration  of  employee  benefit  plans,  or 
incidental  transmission  of  SSNs  as  part  of  the  sale,  lease,  merger, 
transfer,  or  exchange  of  a  trade  or  business. 

The  exception  for  the  transfer  of  an  SSN  as  part  of  the  sale, 
lease,  merger,  transfer,  or  exchange  of  a  trade  or  business  in  the 
definitions  of  "sell"  and  "purchase"  recognizes  that  there  may  be 
SSNs  embedded  in  data  files,  employee  files  or  loan  documents  of 
legitimate  businesses  that  may  be  transferred  when  a  business  or 
certain  assets  are  sold,  where  the  transfer  of  the  SSN  is  incidental 
to  the  transaction.  The  Committee  intends  that  this  exception  en- 
compasses not  only  the  sale  of  a  trade  or  business  in  its  entirety, 
but  also  the  sale  of  parts  of  a  business  and  the  sale  of  assets,  but 
only  where  the  primary  economic  value  being  transferred  is  derived 
from  assets  other  than  personally  identifiable  information  such  as 
SSNs.  Examples  of  such  a  covered  transfer  of  assets  include  a  pro- 
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posed  or  actual  securitization,  secondary  market  sale,  sale  of  serv- 
icing rights,  or  similar  transaction  related  to  mortgages  and  stu- 
dent loans,  where  an  SSN  is  embedded  in  the  loan  file.  If  SSNs  are 
included  in  such  a  transfer,  then  the  recipient  is  obligated  to  safe- 
guard them  as  required  under  the  bill. 

"Display  to  the  general  public"  would  mean  to  intentionally  place 
an  SSN  in  a  viewable  manner  on  an  Internet  site  that  is  available 
to  the  general  public  or  to  provide  access  to  the  general  public  by 
other  means.  In  addition,  requiring  an  individual  to  transmit  his 
or  her  SSN  over  the  Internet  without  ensuring  the  number  is 
encrypted  or  otherwise  protected  would  be  considered  a  prohibited 
display  to  the  general  public. 

"Social  Security  account  number"  would  include  any  derivative  of 
the  SSN.  However,  with  respect  to  the  restrictions  on  sale,  pur- 
chase or  public  display  of  the  SSN,  the  bill  would  provide  a  tem- 
porary exemption  permitting  private  entities  to  purchase,  sell  and 
publicly  display  the  last  four  digits  of  an  SSN  for  two  years  after 
the  effective  date  of  the  final  regulations. 

REASON  FOR  CHANGE 

Use  of  SSNs  in  the  private  sector  has  proliferated  for  purposes 
unrelated  to  administration  of  the  Social  Security  program,  collec- 
tion of  taxes,  or  other  purposes  authorized  under  Federal  law. 
Businesses  often  request  SSNs  from  their  customers.  For  example, 
information  resellers,  consumer  reporting  agencies,  and  financial 
institutions  obtain  SSNs  and  other  personal  information  from  cus- 
tomers, public  records,  and  other  sources  to  determine  an  individ- 
ual's identity  and  accumulate  information  about  them  for  certain 
purposes,  which  may  include  for  marketing  purposes  or  to  provide 
that  information  to  businesses  or  others  for  a  fee.  As  a  result, 
Americans  are  increasingly  concerned  that  the  SSN  they  disclose 
for  one  purpose  may  be  subsequently  sold  to  third  parties  and  used 
for  other  purposes  without  their  knowledge  or  consent.  For  exam- 
ple, an  individual  discloses  his  or  her  SSN  to  get  a  bank  loan.  The 
bank  sends  the  information  to  a  consumer  reporting  agency  to  re- 
quest a  credit  report.  The  consumer  reporting  agency  assembles  in- 
formation on  the  individual  and  associates  it  with  the  SSN.  Under 
current  law,  the  consumer  reporting  agency  may  then  incidentally 
or  purposefully  sell  the  SSN  and  other  information  to  insurance 
companies,  credit  companies,  information  resellers,  law  enforce- 
ment, government  agencies,  private  investigators,  and  others. 

Financial  institutions  are  allowed  under  current  law  to  disclose 
nonpublic  personal  information  they  gather  from  consumers  or 
from  other  sources  such  as  credit  bureaus  to  their  affiliates,  which 
may  number  in  the  thousands  and  may  not  themselves  be  financial 
institutions.  Affiliations  between  businesses  and  financial  institu- 
tions may  often  be  based  on  joint-marketing  agreements,  thus  the 
sale  of  nonpublic  personal  information  such  as  SSNs  is  often  done 
for  marketing  purposes. 

In  addition,  such  widespread  use  of  SSNs  increases  the  risk  that 
business  employees,  computer  hackers,  or  others  may  obtain  unau- 
thorized access  and  misuse  SSNs  to  commit  identity  theft  or  other 
crimes.  According  to  a  2003  survey  sponsored  by  the  FTC,  among 
identity  theft  victims  who  knew  the  identity  of  the  criminal,  23  per- 
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cent  said  the  person  responsible  worked  at  a  company  or  financial 
institution  that  had  access  to  the  victim's  personal  information. 

The  bill  would  restrict  the  sale,  purchase,  and  display  to  the  gen- 
eral public  of  SSNs.  For  example,  display  to  the  general  public 
would  include  making  records  containing  SSNs  available  on  paper, 
computer  disk,  or  other  media,  in  addition  to  display  over  the 
Internet.  The  bill  would  also  require  that  SSNs  be  appropriately 
safeguarded  when  collected  and  stored.  The  intent  is  to  limit  trans- 
mission of  SSNs  in  order  to  minimize  opportunities  for  SSN  misuse 
and  identity  theft. 

In  limiting  the  transmission  of  SSNs,  it  is  not  the  intent  to  pre- 
vent individuals  from  voluntarily  providing  their  own  SSNs  to  fa- 
cilitate a  transaction  that  they  initiate  or  to  prevent  businesses 
from  utilizing  SSNs  in  a  transaction  that  the  individual  authorizes. 
For  example,  if  an  individual  voluntarily  gives  his  or  her  own  SSN 
to  a  business  so  that  it  may  provide  goods  or  services,  it  is  not  the 
intent  of  the  bill  to  call  such  an  exchange  the  "sale"  or  "purchase" 
of  the  SSN  simply  because  it  is  facilitating  the  transaction. 

The  prohibition  against  the  sale  or  purchase  of  SSNs  would  not 
prevent  financial  institutions  from  complying  with  the  customer 
identification  program  requirements  of  the  USA  PATRIOT  Act. 
Under  the  USA  PATRIOT  Act,  banks,  savings  associations,  credit 
unions  and  securities  firms  are  required  to  verify  identification  in- 
formation provided  by  their  customers  when  establishing  an  ac- 
count. Financial  institutions  that  utilize  verification  services  of- 
fered by  consumer  reporting  agencies  and  other  information  re- 
sellers generally  are  not  selling  or  purchasing  their  customers' 
SSNs  when  they  check  them  against  a  database  because  the  finan- 
cial institution  and  the  verification  service  provider  each  already 
possess  the  SSN.  The  verification  service  merely  affirms  whether 
the  SSN  and  other  identification  information  provided  by  the  cus- 
tomer to  the  financial  institution  match  the  information  in  the  pro- 
vider's database.  If  the  SSN  itself  is  not  being  exchanged  for  some- 
thing of  value,  then  the  transaction  would  not  be  considered  a  sale 
or  purchase  of  the  SSN. 

With  respect  to  the  exemption  for  activities  of  consumer  report- 
ing agencies  for  purposes  described  in  section  604(a)  of  FCRA,  sales 
and  purchases  of  SSNs  by  CRAs  that  are  in  furtherance  of  those 
specified  purposes  (such  a  sale  or  purchase  of  an  SSN  as  part  of 
authenticating  a  customer's  identity  in  order  to  ensure  that  he  or 
she  receives  the  correct  report,  or  compiling  information  used  in 
providing  a  consumer  report)  are  not  intended  to  constitute  a  pro- 
hibited sale  or  purchase  under  the  bill. 

The  exemption  for  tax  compliance  recognizes  that  SSNs  are  also 
used  in  tax  administration,  and  that  tax  law  extends  to  a  wide  va- 
riety of  transactions  including,  for  example,  payment  of  mortgages 
where  interest  is  tax-deductible,  securities  sales,  and  even  car 
loans,  where  if  there  is  a  default  and  the  creditor  writes  off  the 
loss,  the  value  of  the  discharged  debt  must  be  reported  for  tax  pur- 
poses. 

In  addition,  during  the  course  of  the  Subcommittee  on  Social  Se- 
curity's consideration  of  the  bill,  the  Federal  Deposit  Insurance 
Corporation  (FDIC)  and  some  financial  institutions  expressed  con- 
cern that  the  bill's  restrictions  on  sale  and  purchase  of  SSNs  could 
be  interpreted  to  impede  the  FDIC's  resolution  or  liquidation  of 
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failed  insured  depository  institutions,  or  other  business  mergers 
and  acquisitions.  The  bill's  language  specifying  that  "sell"  or  "pur- 
chase" does  not  include  the  sale,  lease,  merger,  transfer,  or  ex- 
change of  a  trade  or  business  is  intended  to  make  clear  that  the 
FDIC  may  share  SSNs  in  carrying  out  its  responsibilities,  and 
SSNs  may  be  conveyed  as  part  of  the  merger,  acquisition,  etc.  of 
a  business. 

With  respect  to  the  exception  for  research  advancing  the  public 
good,  the  intent  is  to  preserve  the  government's  ability  to  conduct 
scientific,  epidemiological,  and  social  scientific  research  that  would 
benefit  the  public.  It  is  not  intended  to  facilitate  private  commer- 
cial research  for  product  or  service  development  or  marketing.  In 
the  case  of  non-publicly  sponsored  or  funded  research  advancing 
the  public  good,  the  Commissioner  would  have  the  ability  to  au- 
thorize SSN  sale  and  purchase  where  appropriate,  under  its  gen- 
eral regulatory  authority.  In  the  case  of  research  involving  medical 
information  on  individuals,  it  is  expected  that  the  Commissioner 
will  only  authorize  sale  of  SSNs  in  strict  compliance  with  Federal 
rules  and  regulations  on  the  privacy  of  medical  information. 

With  respect  to  the  exception  for  affirmative  written  consent  of 
the  individual,  the  intent  is  to  enable  individuals  to  authorize  the 
sale  or  purchase  of  their  own  SSNs  if  they  determine  it  is  in  their 
own  best  interest.  Businesses  and  others  soliciting  such  consent 
from  the  individual  must  explain  clearly  and  understandably  what 
giving  consent  would  entail  and  the  uses  that  might  be  made  of  the 
individual's  SSN.  Preferably,  the  explanation  and  solicitation  of 
consent  would  be  a  distinct  document  or  other  communication  sepa- 
rate from  other  explanations  or  solicitations  from  the  business  or 
other  persons.  The  terms  of  consent,  and  the  explanation  of  the 
right  to  refuse  consent  or  to  limit  the  SSN's  exchange  solely  to  a 
specific  transaction,  should  not  be  obscured  by  other  explanations, 
authorizations,  solicitations  or  other  text  that  might  be  included  in 
the  same  document.  No  individual  should  be  obligated  to  provide 
consent;  however,  businesses  and  others  may  provide  an  expla- 
nation of  the  advantages  and  disadvantages  (with  equal  promi- 
nence given  to  both)  of  providing  versus  refusing  consent. 

With  respect  to  the  exception  permitting  the  Commissioner  to  au- 
thorize additional  exceptions  to  the  general  prohibition  on  SSN 
sale,  purchase,  and  display  to  the  general  public,  for  the  same  rea- 
sons discussed  under  section  2  of  the  bill,  the  expectation  is  that 
this  authority  would  be  used  extremely  judiciously  and  only  when 
there  are  no  other  reasonable  alternative  measures  that  could  at- 
tain the  same  objective. 

For  the  same  reasons  discussed  under  section  3,  the  bill  would 
prohibit  display  of  another  individual's  SSN  on  any  check  issued 
for  payment  or  documents  accompanying  the  checks  because  iden- 
tity thieves  may  gain  access  to  personal  information,  including 
SSNs,  by  rifling  through  trash  for  discarded  documents. 

Section  2  of  the  bill  would  prohibit  government  agencies  from 
selling  or  displaying  to  the  general  public  SSNs  they  require  indi- 
viduals to  disclose  to  the  government.  However,  many  of  the  SSNs 
that  appear  in  government  records — particularly  court  records,  doc- 
uments from  attorneys,  title  companies,  or  other  businesses  and  in- 
dividuals— are  the  result  of  including  a  person's  SSN  on  papers 
submitted  to  the  court  for  the  sake  of  convenience.  Government 
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agencies  do  not  have  the  resources  to  comb  through  innumerable 
documents  searching  for  such  "incidental"  inclusion  of  SSNs.  As  a 
result,  an  individual's  SSN  could  be  displayed  to  the  public  without 
the  government  record-keeper  realizing  it.  Therefore,  to  prevent  in- 
advertent sale  or  display  of  SSNs  by  government  agencies,  the  bill 
would  prohibit  the  submission  of  the  SSN  to  government  agencies 
absent  the  government  agency's  requiring  that  the  number  be  sub- 
mitted or  the  individual's  written  consent.  Thus,  this  provision  does 
not  prohibit  submission  of  another  individual's  SSN  for  the  purpose 
of  applying  for  benefits  on  their  behalf,  such  as  when  a  parent  files 
an  application  on  behalf  of  a  child. 

Also,  for  the  same  reasons  discussed  under  section  4,  the  bill 
would  prevent  private  sector  employers  and  those  providing  em- 
ployee benefits  from  displaying  an  individual's  full  or  partial  SSN 
on  any  identification  card  or  tag  issued  to  the  employee  or  an  em- 
ployee's family  member.  In  addition,  the  bill  would  prevent  busi- 
nesses from  displaying  full  or  partial  SSNs  on  cards  or  tags  used 
to  access  goods  and  services.  Individuals  who  must  carry  such 
cards  and  tags  with  their  SSNs  are  at  greater  risk  of  identity  theft 
should  their  wallets  or  purses  be  stolen  or  lost.  According  to  an 
FTC-sponsored  survey,  14  percent  of  identity  theft  victims  said 
their  personal  information  was  obtained  from  a  lost  or  stolen  wallet 
or  checkbook.  This  provision  is  not  intended  to  prevent  inclusion  of 
encrypted  SSNs  (those  that  are  transformed  by  a  secret  code  to  ap- 
pear as  other  than  the  nine-digit  number  assigned  by  the  Commis- 
sioner of  Social  Security  when  read  or  otherwise  accessed  by  unau- 
thorized parties). 

The  restrictions  on  private  sector  sale,  purchase,  and  display  to 
the  general  public  of  SSNs  would  not  apply  to  the  SSNs  of  de- 
ceased persons.  This  is  because  the  sale  and  public  availability  of 
information  on  deceased  individuals  is  necessary  to  prevent  fraud. 
As  mentioned  in  the  discussion  under  section  2  of  the  bill,  the  SSA 
DMF  is  used  by  both  public  and  private  sector  entities  to  prevent 
fraud  and  comply  with  the  USA  PATRIOT  Act.  By  methodically 
running  financial,  credit,  payment  and  other  applications  against 
the  DMF,  the  financial  community,  insurance  companies,  security 
firms  and  State  and  local  governments  are  better  able  to  identify 
and  prevent  identity  fraud.  The  USA  PATRIOT  Act  requires  an  ef- 
fort to  verify  the  identity  of  customers,  including  procedures  to 
verify  customer  identity  and  maintaining  records  of  information 
used  to  verify  identity. 

As  discussed  under  section  2,  this  bill  is  intended  to  serve  as  a 
floor  of  protection  for  SSNs  and  is  not  intended  to  override  SSN 
protections  in  Federal  or  State  law  or  regulations  in  effect  to  the 
extent  they  provide  greater  restrictions.  For  example,  this  bill  is 
not  intended  to  enable  SSN  sale,  purchase,  or  display  to  the  gen- 
eral public  by  health  providers  that  would  otherwise  be  prohibited 
under  the  HIPAA  Privacy  Rule. 

EFFECTIVE  DATE 

Initial  final  regulations  to  carry  out  the  provisions  would  have  to 
be  issued  by  the  Commissioner  or  any  other  agency  to  which  the 
Commissioner  delegates  authority  within  18  calendar  months  after 
the  date  of  enactment.  The  provisions  would  take  effect  one  year 
after  issuance  of  initial  final  regulations.  The  prohibition  on  public 
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display  of  SSNs  would  only  apply  with  respect  to  records  generated 
after  the  effective  date  of  the  regulations.  The  temporary  exemp- 
tion to  allow  purchase,  sale  and  display  of  the  last  four  digits  of 
the  SSN  would  expire  two  years  after  the  effective  date  of  the  ini- 
tial final  regulations. 

Sec.  9.  New  criminal  penalties  for  misuse  of  Social  Security  account 
numbers 

CURRENT  LAW 

Section  208  of  the  Social  Security  Act  provides  criminal  penalties 
for  fraudulently  obtaining  an  SSN  from  SSA  or  the  misuse  of  an 
SSN.  In  such  cases,  section  208  specifies  that  persons  shall  be 
guilty  of  a  felony  and  upon  conviction  shall  be  fined  under  Title  18, 
United  States  Code  (up  to  $250,000  for  an  individual  and  up  to 
$500,000  for  an  organization)  and/or  imprisoned  for  up  to  five 
years. 

In  addition,  depending  upon  the  facts,  certain  sections  under 
Title  18  of  the  United  States  Code  are  applicable  to  the  misuse  of 
SSNs,  including  18  U.S.C.  §  1028(a)(7),  the  "Identity  Theft  and  As- 
sumption Deterrence  Act  of  1998"  (P.L.  105-318),  which  prohibits 
the  knowing  transfer  or  use  of  another  person's  SSN  without  lawful 
authority.  The  "Internet  False  Identification  Prevention  Act  of 
2000"  (P.L.  106-578)  closed  some  loopholes  in  the  "Identity  Theft 
and  Assumption  Deterrence  Act  of  1998"  by  prohibiting  the  trans- 
fer of  a  false  identification  document  by  electronic  means,  including 
on  a  template  or  computer  file  or  disk. 

Lastly,  the  "Identity  Theft  Penalty  Enhancement  Act"  (P.L.  108- 
275)  establishes  penalties  for  aggravated  identity  theft.  The  law 
prescribes  sentences,  to  be  imposed  in  addition  to  the  punishments 
provided  for  the  related  felonies,  of:  (1)  two  years'  imprisonment  for 
knowingly  transferring,  possessing,  or  using,  without  lawful  au- 
thority, a  means  of  identification  of  another  person  during  and  in 
relation  to  specified  felony  violations;  and  (2)  five  years'  imprison- 
ment for  knowingly  taking  such  action  with  respect  to  a  means  of 
identification  or  a  false  identification  document  during  and  in  rela- 
tion to  specified  felony  violations  pertaining  to  terrorist  acts.  The 
law  also  prohibits  a  court  from:  (1)  placing  any  person  convicted  of 
such  a  violation  on  probation;  (2)  reducing  any  sentence  for  the  re- 
lated felony  to  take  into  account  the  sentence  imposed  for  such  a 
violation;  or  (3)  providing  for  concurrent  terms  of  imprisonment  for 
a  violation  of  this  Act  and  a  violation  under  any  other  Act. 

The  law  also  expands  the  existing  identify  theft  prohibition  to: 
(1)  cover  possession  of  a  means  of  identification  of  another  with  in- 
tent to  commit  specified  unlawful  activity;  (2)  increase  penalties  for 
violations;  and  (3)  include  acts  of  domestic  terrorism  within  the 
scope  of  a  prohibition  against  facilitating  an  act  of  international 
terrorism.  Finally,  the  law  modifies  provisions  regarding  embezzle- 
ment and  theft  of  public  money,  property,  or  records  to  provide  for 
combining  amounts  from  all  the  counts  for  which  the  defendant  is 
convicted  in  a  single  case  for  purposes  of  determining  which  pen- 
alties apply. 
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EXPLANATION  OF  PROVISION 

The  bill  would  expand  the  types  of  SSN  misuse  to  which  criminal 
penalties  apply  and  would  establish  a  two-tier  penalty  structure 
that  creates  new  categories  of  misdemeanor  and  felony  violations. 

The  bill  would  provide  for  criminal  misdemeanor  penalties, 
which  are  subject  to  fines  under  Title  18  of  the  United  States  Code 
and/or  imprisonment  for  up  to  one  year.  It  would  apply  to  govern- 
ment employees  and  private  sector  individuals  who:  (1)  display 
SSNs  on  checks  issued  for  payment;  (2)  display  SSNs  on  identifica- 
tion cards;  or  (3)  violate  the  uniform  truncation  standards.  It  would 
apply  to  private  sector  entities  who  communicate  another  person's 
SSN  to  a  government  entity  when  not  required.  It  would  apply  to 
government  employees  who  display  SSNs  on  drivers'  licenses  and 
vehicle  registrations.  Finally,  the  misdemeanor  penalty  would 
apply  to  the  knowing  unlawful  possession  of  another  person's  SSN 
card  or  a  fraudulent  SSN  card  with  an  intent  to  use  the  SSN  in 
furtherance  of  a  violation  of  law. 

The  bill  would  also  provide  for  criminal  felony  penalties,  which 
are  subject  to  fines  under  Title  18  of  the  United  States  Code  and/ 
or  imprisonment  for  up  to  five  years.  The  felony  provision  would 
apply  to  individuals  who  obtain  or  use  an  SSN  with  intent  to  har- 
ass, harm  or  physically  injure  another  person. 

The  bill  would  also  create  enhanced  penalties  for  repeat  offend- 
ers and  for  violations  committed  to  facilitate  drug  trafficking  or  ter- 
rorism. 

Finally,  the  bill  would  provide  for  both  criminal  misdemeanor 
and  felony  penalties  for  certain  violations.  These  penalties  apply  to 
persons  who  sell  their  own  SSN  with  the  intent  to  deceive,  or  assist 
an  individual  in  acquiring  an  additional  SSN  for  a  fee.  It  would 
apply  to  government  entities  that:  (1)  sell  or  display  the  SSN  in 
violation  of  section  2  of  the  bill;  (2)  give  inmates  access  to  SSNs; 
or  (3)  fail  to  protect  SSNs  as  required  under  section  6  of  the  bill. 
It  would  also  apply  to  private  sector  entities  who:  (1)  sell,  purchase 
or  display  the  SSN  in  violation  of  section  8  of  the  bill;  or  (2)  fail 
to  protect  the  confidentiality  of  the  SSN  in  violation  of  section  8  of 
the  bill.  These  violations  would  be  subject  to  a  felony  charge  if  they 
are  committed  under  false  pretenses,  or  for  commercial  advantage, 
personal  gain,  or  malicious  harm. 

REASON  FOR  CHANGE 

Identity  theft  often  begins  with  the  misuse  of  an  SSN.  While  ad- 
vances have  been  made  to  prosecute  those  individuals  who  assist 
another  person  to  improperly  acquire  an  additional  SSN  or  a  num- 
ber that  purports  to  be  an  SSN,  SSA  Inspector  General  and  the  De- 
partment of  Justice  have  continued  to  encounter  some  problems, 
for  example  in  prosecuting  individuals  who  operate  over  the  Inter- 
net or  at  a  flea  market.  It  is  appropriate  to  close  loopholes  to  pre- 
vent individuals  assisting  another  person  to  improperly  acquire  an 
additional  SSN  or  a  number  that  purports  to  be  an  SSN.  In  addi- 
tion, it  is  appropriate  to  establish  penalties  for  those  who  violate 
the  prohibitions  on  sale,  purchase  and  display  to  the  general  public 
established  under  this  bill. 

In  addition,  the  SSA  Inspector  General  has  investigated  individ- 
uals who  have  sold  or  transferred  their  own  SSN  to  a  third  person 


35 


with  intent  to  deceive  and  has  encountered  problems  in  the  pros- 
ecution. While  such  an  individual  may  potentially  be  prosecuted 
under  the  criminal  statutes  involving  conspiracy  or  aiding  and 
abetting,  because  of  the  gravity  of  SSN  misuse,  it  is  appropriate  to 
address  this  problem  head  on  and  provide  criminal  penalties  when 
an  individual  sells  or  transfers  his  or  her  own  SSN  with  intent  to 
deceive. 

With  respect  to  violations  that  are  punishable  as  either  a  mis- 
demeanor or  a  felony,  this  two-tier  structure  is  intended  to  provide 
prosecutors  with  additional  flexibility  in  charging  violators.  The 
"aggravating"  circumstances  under  which  a  violation  would  be  a 
felony  rather  than  a  misdemeanor  are  drawn  from  the  HIPAA  Pri- 
vacy Rule,  which  also  contains  a  multi-tiered  structure  of  penalties. 

EFFECTIVE  DATE 

The  criminal  penalties  would  apply  to  violations  that  occur  after 
enactment,  except  for  violations  of  prohibitions  created  under  this 
bill.  In  such  cases,  the  criminal  penalties  would  apply  to  violations 
that  occur  on  or  after  the  applicable  effective  dates. 

Sec.  10.  Extension  of  civil  monetary  penalty  authority 

CURRENT  LAW 

Section  1129  of  the  Social  Security  Act  authorizes  the  Commis- 
sioner to  impose  civil  monetary  penalties  and  assessments  on  any 
person  who  makes  a  false  statement  or  representation  of  a  material 
fact,  or  omits  a  material  fact  while  providing  a  statement,  for  use 
in  determining  eligibility  for  Social  Security  or  SSI  benefits  or  the 
benefit  amount.  The  Commissioner  may  impose  a  civil  monetary 
penalty  of  up  to  $5,000  for  each  violation,  and  an  assessment  of  up 
to  twice  the  amount  of  benefits  or  payments  paid  as  a  result  of 
such  violation. 

Currently,  an  individual  who  improperly  obtains  an  SSN  from 
SSA  or  misuses  another  person's  SSN  is  not  subject  to  civil  mone- 
tary penalties  and  assessments  under  section  1129,  except  in  cases 
of  SSN  misuse  related  to  the  receipt  of  Social  Security  or  SSI  bene- 
fits. 

EXPLANATION  OF  PROVISION 

The  bill  would  expand  the  types  of  activities  to  which  civil  mone- 
tary penalties  and  assessments  apply.  Specifically,  it  would  author- 
ize the  Commissioner  to  impose  (in  addition  to  any  other  penalties 
that  may  apply)  civil  monetary  penalties  and  assessments  on  per- 
sons who:  (1)  use  an  SSN  obtained  through  false  information;  (2) 
falsely  represent  an  SSN  to  be  their  own;  (3)  with  intent  to  deceive, 
alter  an  SSN  card;  (4)  buy  or  sell  an  SSN  card  or  a  card  purported 
to  be  an  SSN  card;  (5)  counterfeit  an  SSN  card;  (6)  disclose,  use 
or  compel  the  disclosure  of  the  SSN  of  any  person  in  violation  of 
any  Federal  law;  (7)  provide  false  information  to  obtain  an  SSN;  (8) 
offer  to  acquire,  for  a  fee,  an  additional  SSN  for  an  individual;  (9) 
disclose,  sell  or  transfer  a  person's  own  SSN  with  intent  to  deceive; 
(10)  knowingly  possess  an  SSN  unlawfully  or  possess  an  altered  or 
counterfeited  SSN  with  the  intent  to  commit  a  felony;  (11)  as  a  gov- 
ernment officer,  violate  prohibitions  on  display  of  SSNs  on  drivers' 
licenses,  sale  and  display  of  SSNs,  displaying  SSNs  on  checks  and 
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identification  cards,  inmate  access  to  SSNs,  security  and  protection 
of  SSNs,  or  truncation  standards;  (12)  as  a  bankruptcy  trustee,  sell 
or  display  SSNs,  display  SSNs  on  checks,  fail  to  protect  the  con- 
fidentiality of  SSNs,  or  violate  truncation  standards;  (13)  sell,  pur- 
chase or  display  SSNs,  or  violate  truncation  standards;  or  (14)  as 
an  SSA  employee,  violate  section  11  of  the  bill  (relating  to  fraudu- 
lent issuance  of  SSNs). 

REASON  FOR  CHANGE 

SSN  misuse,  not  related  to  the  determination  of  eligibility  for,  or 
the  amount  of,  Social  Security  or  SSI  benefits,  can  also  result  in 
considerable  costs  for  the  government,  the  private  sector,  and  indi- 
viduals who  are  victims  of  fraud.  In  many  cases,  the  costs  of  SSN 
misuse  extend  beyond  monetary  losses. 

The  SSN  is  a  valuable  commodity  today  for  criminals.  As  the 
Subcommittee  on  Social  Security  has  heard  in  testimony,  the  use 
of  the  SSN  has  grown  so  that  it  is  interwoven  into  many  aspects 
of  every  day  life.  It  has  become  the  de  facto  national  identifier, 
used  as  a  "breeder  document"  to  obtain  a  driver's  license  or  a  credit 
card,  open  a  bank  account  or  secure  a  loan. 

Because  of  the  prevalence  of  the  use  of  the  SSN  in  society  and 
the  gravity  of  SSN  misuse,  it  is  appropriate  to  provide  for  civil 
monetary  penalties  and  assessments  for  violations  of  the  law  relat- 
ing to  SSN  misuse  in  general. 

EFFECTIVE  DATE 

The  civil  monetary  penalties  would  apply  to  violations  that  occur 
after  enactment,  except  with  respect  to  violations  of  prohibitions 
created  under  this  bill.  In  such  cases,  the  civil  monetary  penalties 
would  apply  to  violations  that  occur  on  or  after  the  applicable  effec- 
tive date. 

Sec.  11.  Criminal  penalties  for  employees  of  the  Social  Security  Ad- 
ministration who  knowingly  and  fraudulently  issue  Social  Se- 
curity cards  or  Social  Security  account  numbers 

CURRENT  LAW 

SSA  employees  who  fraudulently  sell  SSNs  to  third  parties  may 
be  tried  under  a  number  of  criminal  statutes,  including  but  not 
limited  to  18  U.S.C.  371  (conspiracy)  and  18  U.S.C.  §641  (theft  of 
government  property). 

EXPLANATION  OF  PROVISION 

The  bill  would  provide  for  criminal  penalties  for  SSA  employees 
(including  contract  workers,  State  Disability  Determination  Service 
workers  and  volunteers  in  an  SSA  facility)  who  knowingly  and 
fraudulently  sell  or  transfer  SSNs  or  Social  Security  cards,  with 
the  penalty  based  on  the  number  of  SSNs  or  Social  Security  cards 
fraudulently  issued,  as  follows:  (1)  up  to  50  SSNs  or  cards:  up  to 
5  years  imprisonment;  (2)  51  to  100  SSNs  or  cards:  up  to  10  years 
imprisonment;  or  (3)  101  or  more  SSNs  or  cards:  up  to  20  years  im- 
prisonment. 
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REASON  FOR  CHANGE 

Crimes  of  fraud  against  the  integrity  of  the  SSN  are  of  great  con- 
cern because  of  the  far-reaching  implication  such  crimes  have  upon 
the  integrity  of  SSA,  the  potential  impact  on  innocent  individuals 
due  to  identity  theft,  and  possible  misuse  of  SSNs  in  terrorist  ac- 
tivities. This  is  especially  true  when  the  crime  is  perpetrated,  at 
least  in  part,  by  an  SSA  employee.  SSA  employees  issuing  SSNs 
are  in  a  position  of  trust.  When  this  trust  is  violated,  the  effect  on 
SSA's  programs  and  operations  and  on  the  public  in  general  can  be 
devastating.  Fortunately,  the  number  of  SSA  employees  taking 
part  in  these  crimes  is  small,  but  participation  in  such  crimes  by 
any  SSA  employee  to  any  extent  cannot  be  tolerated. 

SSA  and  the  SSA  Inspector  General  are  concerned  that  current 
laws  do  not  provide  an  adequate  deterrent  to  SSA  employees 
tempted  to  facilitate  these  crimes.  In  several  recent  investigations 
involving  SSA  employees,  the  employee  when  caught  has  received 
little,  if  any,  prison  time  though  the  employee  may  have  fraudu- 
lently issued  hundreds  of  SSNs.  The  Committee  is  concerned  be- 
cause the  SSNs  issued  have  usually  not  previously  been  issued  to 
anyone  else.  Even  a  thorough  credit  check  would  not  show  this 
SSN  to  be  fraudulent.  This  could  allow  a  criminal  to  more  easily 
assimilate  into  our  society.  Therefore,  it  is  appropriate  to  provide 
for  enhanced  criminal  penalties  for  SSA  employees  who  abuse  their 
position  of  trust  and  assist  in  the  fraudulent  issuance  of  SSNs. 

EFFECTIVE  DATE 

The  penalties  would  apply  to  violations  that  occur  on  or  after  en- 
actment. 

Sec.  12.  Enhanced  penalties  in  cases  of  terrorism,  drug  trafficking, 
crimes  of  violence,  or  prior  offenses 

CURRENT  LAW 

Sections  208,  811  and  1632  of  the  Social  Security  Act  (regarding 
Social  Security  benefits,  Special  Benefits  for  Certain  World  War  II 
Veterans  and  SSI  benefits,  respectively)  provide  that  persons  who 
willingly  and  knowingly  commit  fraud  shall  be  guilty  of  a  felony 
and  upon  conviction  shall  be  fined  under  Title  18,  United  States 
Code,  and/or  imprisoned  for  up  to  five  years. 

Examples  of  violations  to  which  penalties  apply  include  making 
false  statements  or  representations  of  fact  to  obtain  benefits  or  in- 
crease benefit  payments;  failing  to  disclose  an  event  that  affects  an 
individual's  initial  or  continued  right  to  receive  benefits;  and  en- 
gaging in  various  types  of  SSN  misuse  or  fraud  (such  as  using  an 
SSN  obtained  on  the  basis  of  false  information;  falsely  representing 
an  SSN  to  be  one's  own  with  intent  to  deceive;  buying  or  selling 
an  SSN  card;  counterfeiting  an  SSN  card;  or  disclosing,  using  or 
compelling  the  disclosure  of  the  SSN  of  any  person  in  violation  of 
any  Federal  law). 

Penalties  apply  to  violations  committed  by  individuals  (or  organi- 
zations) acting  in  the  capacity  of  a  representative  payee  (or  pro- 
spective representative  payee)  for  a  beneficiary  other  than  the  indi- 
vidual's spouse.  If  the  court  determines  that  the  violation  also  in- 
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eludes  willful  misuse  of  funds,  the  court  may  require  full  or  partial 
restitution  of  funds  to  the  beneficiary. 

EXPLANATION  OF  PROVISION 

The  bill  would  enhance  criminal  penalties  under  sections  208, 
811  and  1632  of  the  Social  Security  Act  with  respect  to  (a)  repeat 
offenders  and  (b)  violations  committed  to  facilitate  a  drug  traf- 
ficking crime,  a  crime  of  violence,  or  an  act  of  international  or  do- 
mestic terrorism. 

Specifically,  the  bill  would  provide  for:  (1)  fines  and/or  imprison- 
ment for  up  to  five  years  for  first  offenders;  (2)  fines  and/or  impris- 
onment for  up  to  10  years  for  repeat  offenders;  (3)  fines  or  impris- 
onment for  up  to  20  years  for  persons  convicted  of  violations  for  the 
purpose  of  facilitating  a  drug  trafficking  crime  or  a  crime  of  vio- 
lence against  persons;  and  (4)  fines  or  imprisonment  for  up  to  25 
years  for  persons  convicted  of  violations  for  the  purpose  of  facili- 
tating an  act  of  international  or  domestic  terrorism. 

REASON  FOR  CHANGE 

The  expanded  use  of  the  SSN  in  today's  society  has  made  it  a 
very  valuable  commodity  for  criminals.  As  the  Subcommittee  on  So- 
cial Security  has  heard  in  several  hearings,  the  SSN  is  considered 
a  prime  "breeder  document,"  a  valuable  commodity  used  to  obtain 
a  driver's  license  or  credit  card,  as  well  as  open  a  bank  account  or 
obtain  a  loan.  In  addition  to  being  a  lynchpin  for  identity  theft 
crimes,  the  SSN  also  assists  terrorists  in  assimilating  into  our  soci- 
ety and  avoiding  detection. 

The  integrity  of  the  SSN  is  vital.  Its  importance  in  both  identity 
theft  and  homeland  security  is  universally  recognized.  Providing 
new,  enhanced,  structured  penalties  appropriately  reflects  the  vital 
importance  of  the  SSN  and  the  commitment  of  the  Congress,  SSA 
and  the  SSA  Inspector  General  to  its  protection. 

EFFECTIVE  DATE 

The  penalties  would  apply  to  violations  that  occur  after  enact- 
ment. 

Sec.  13.  Regulatory  and  enforcement  authority  with  respect  to  mis- 
use of  the  Social  Security  account  number 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

The  bill  would  direct  the  Commissioner  of  Social  Security  to 
issue  regulations  regarding  the  sale,  purchase,  or  display  to  the 
general  public  of  SSNs  and  to  provide  an  opportunity  for  public 
comment  on  regulations  in  accordance  with  the  "Administrative 
Procedure  Act"  (P.L.  79-404).  The  Commissioner  would  be  required 
to  consult  with  the  Attorney  General  of  the  United  States,  the  Sec- 
retary of  Health  and  Human  Services,  the  Secretary  of  Homeland 
Security,  the  Secretary  of  the  Treasury,  the  Federal  Trade  Commis- 
sion, the  Comptroller  of  the  Currency,  the  Director  of  the  Office  of 
Thrift  Supervision,  the  Board  of  Governors  of  the  Federal  Reserve 
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System,  the  Federal  Deposit  Insurance  Corporation,  the  National 
Credit  Union  Administration,  the  Securities  and  Exchange  Com- 
mission, State  Attorneys  General  and  representatives  of  the  State 
insurance  commissioners  as  designated  by  the  National  Association 
of  Insurance  Commissioners. 

When  authorizing  the  sale,  purchase,  or  display  of  SSNs  for  law 
enforcement  or  national  security  purposes,  the  Commissioner 
would  be  required  to  find  that  the  sale,  purchase  or  display  would 
serve  a  compelling  public  interest  that  cannot  reasonably  be  served 
through  alternative  measures,  and  would  not  pose  an  unreasonable 
risk  of  identity  theft,  or  harm  to  an  individual. 

The  Commissioner  would  be  able  to  authorize  the  sale,  purchase, 
or  display  to  the  general  public  of  SSNs  for  purposes  other  than 
law  enforcement  or  national  security,  only  after  considering  wheth- 
er the  authorization  serves  a  compelling  public  interest  and  consid- 
ering the  costs  and  benefits  to  the  general  public,  businesses,  com- 
mercial enterprises,  non-profit  associations,  and  governments.  If 
the  Commissioner  authorizes  the  sale,  purchase,  or  display  to  the 
general  public  of  SSNs,  he  or  she  would  be  required  to  impose  re- 
strictions and  conditions  to  reduce  the  likelihood  of  fraud  and  crime 
and  to  prevent  an  unreasonable  risk  of  identity  theft  or  bodily, 
emotional  or  financial  harm  to  individuals. 

The  Committee  intends  that  any  exceptions  made  under  this  sec- 
tion of  the  bill  by  SSA,  or  any  other  agency  to  which  rulemaking 
authority  is  delegated,  would  conform  to  the  purposes  of  this  Act: 
to  prevent  SSN  misuse  and  identity  theft  by  reducing  the  avail- 
ability of  SSNs  in  documents  obtainable  by  identity  thieves.  The 
Committee  expects  SSA  or  other  agencies  to  consider  an  exception 
to  allow  the  sale  or  purchase  of  SSNs  to  the  extent  necessary  to 
prevent  fraud  in  financial  transactions  initiated  by  a  consumer. 
FCRA  requires  information  sellers  to  comply  with  certain  consumer 
protections  if  they  are  compiling  and  selling  consumer  information 
for  determining  consumer  eligibility  for  credit,  employment,  insur- 
ance, licensing  and  other  government  benefits,  or  for  any  other  le- 
gitimate business  need  in  transactions  initiated  by  the  consumer. 
Any  further  exceptions  promulgated  by  an  agency  regarding  fraud 
should  be  tailored  narrowly  to  the  purpose  of  detecting  and  inves- 
tigating fraud  in  violation  of  civil  or  criminal  statutes  and/or  regu- 
lations or  identity  theft.  Furthermore,  they  should  be  written  in 
such  manner  that  does  not  allow  sellers  or  buyers  of  SSNs  to  cir- 
cumvent the  requirements  and  applicability  of  FCRA  by  selling  or 
buying  SSNs  for  purposes  already  covered  by  the  exception  relating 
to  section  604(a)  of  FCRA,  but  doing  so  in  a  way  that  does  not  sub- 
ject them  to  FCRA's  regulations.  Finally,  SSNs  sold  or  bought 
under  such  an  exception  should  be  restricted  from  use  for  any  sec- 
ondary purposes  not  related  to  the  transaction. 

The  Commissioner  would  have  the  authority  to  delegate  rule- 
making to  other  Federal  agencies,  as  appropriate.  The  Commis- 
sioner would  delegate  this  authority  to  any  agency  or  instrumen- 
tality which  would  otherwise  have  regulatory  authority  over  such 
matters.  The  Commissioner  would  also  facilitate  coordination  and 
consistent  rulemaking  and  enforcement  by  other  agencies. 

With  respect  to  any  regulation  issued  under  the  Commissioner's 
general  authority  to  provide  for  an  exemption  from  the  bill's  prohi- 
bition on  sale,  purchase  or  display,  such  regulations  would  expire 
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five  years  after  their  effective  dates.  One  year  prior  to  the  expira- 
tion of  the  regulations,  GAO  would  be  required  to  conduct  a  review 
of  the  efficacy  of  the  regulations  and  the  extent  to  which  such  regu- 
lations are  consistent  with  and  in  furtherance  of  the  purpose  of  this 
bill.  The  Commissioner  may  use  the  results  of  the  review  to  issue 
new  regulations  consistent  with  the  guidelines  provided  in  this  bill, 
as  listed  above. 

This  bill  would  authorize  any  State  Attorney  General  to  bring  a 
civil  action  in  a  United  States  district  court  to  enforce  compliance 
with  the  statute  and  related  regulations  by  State  and  local  govern- 
ments and  the  private  sector.  An  Attorney  General  may  bring  an 
action  when  he  or  she  has  reason  to  believe  that  an  interest  of  the 
State's  residents  is  threatened  or  adversely  affected  by  State  or 
local  governments  or  private  entities  that  violate  this  statute.  At- 
torneys General  may  seek  to  enjoin  the  act  or  practice,  enforce 
compliance  with  the  regulation,  obtain  limited  civil  penalties  of 
$11,000  per  violation  not  to  exceed  a  total  of  $5,000,000,  or  other 
appropriate  legal  and  equitable  relief. 

In  addition,  this  bill  would  give  individuals  limited  standing  to 
sue  a  Federal  agency  for  violations  of  prohibitions  and  require- 
ments established  under  this  bill.  An  individual  would  be  allowed 
to  sue  a  Federal  agency  in  a  United  States  district  court  only  if  the 
individual's  SSN  was  involved  in  the  violation.  The  individual 
would  only  be  allowed  to  sue  for  injunctive  relief  and  actual  dam- 
ages, and  could  recover  attorney's  fees  and  costs  of  the  action. 

REASON  FOR  CHANGE 

The  SSN  is  widely  used  throughout  the  public  and  private  sec- 
tors. Some  uses  are  authorized  or  required  under  law,  others  are 
to  facilitate  data-matching  and  record-keeping,  and  still  others  are 
simply  for  the  sake  of  convenience.  The  development  of  coordinated 
regulations  regarding  SSN  sale,  purchase,  and  display  across  such 
diverse  agencies  and  businesses  makes  it  necessary  to  centralize 
regulatory  authority  with  SSA  (which  is  responsible  for  issuing 
SSNs). 

In  addition,  to  address  concerns  that  the  limited  statutory  list  of 
exceptions  does  not  enumerate  all  instances  in  which  the  sale,  pur- 
chase, and  display  of  SSNs  may  be  essential  and  irreplaceable  for 
government  and  business  transactions,  the  Commissioner  would  be 
given  authority  to  authorize  the  sale,  purchase  or  display  to  the 
general  public  of  SSNs.  The  bill  provides  guidelines  to  ensure  SSNs 
are  exchanged  only  when  there  is  no  other  alternative  that  could 
reasonably  accomplish  the  objective,  and  with  due  consideration  for 
the  unintended  and  potentially  harmful  consequences  to  individ- 
uals, government  agencies,  and  businesses  that  may  result. 

SSNs  are  used  widely  in  government  and  the  private  sectors  for 
many  diverse  purposes,  and  in  industry  sectors  that  maybe  over- 
seen by  their  own  regulatory  bodies,  such  as  the  financial  services 
industry.  To  most  effectively  issue  regulations  that  address  these 
various  concerns,  the  Commissioner  has  the  authority  to  delegate, 
by  regulation,  rulemaking  and  enforcement  of  these  provisions  to 
other  agencies.  Agencies  tasked  with  this  authority  may  be  better 
suited  to  issue  and  enforce  regulations  within  the  domain  of  their 
jurisdiction  and  expertise. 
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This  bill  would  encourage  private  sector  entities  to  change  their 
business  practices  to  reduce  reliance  on  the  SSN.  As  business  mod- 
els change  and  as  research  progresses  to  employ  authentication  de- 
vices other  than  the  SSN,  the  regulations  should  be  reviewed  and 
revised  as  appropriate  to  ensure  that  the  regulations  meet  the 
goals  of  this  bill.  To  ensure  that  the  regulations  authorized  by  the 
Commissioner  are  consistent  with  the  goals  of  this  statute,  any 
final  regulation  issued  under  the  regulator's  general  exemption  au- 
thority will  expire  five  years  after  its  effective  date.  This  provision 
ensures  that  regulations  issued  under  this  bill  will  undergo  regular 
and  consistent  reviews  to  ensure  that  the  regulations  effectively 
and  functionally  limit  the  sale,  purchase  and  display  of  the  SSN  in 
the  private  sector  and  discourage  excessive  use  of  and  reliance  on 
the  SSN.  The  GAO  assessment  would  also  provide  Congress  and 
regulators  the  opportunity  to  review  the  effectiveness  of  regulations 
granting  permissible  sale,  purchase  and  display  of  SSNs  and  the 
extent  to  which  they  are  consistent  with  the  purpose  of  this  bill. 

State  Attorneys  General  would  assist  in  enforcement  efforts 
under  this  bill  through  civil  actions.  As  in  other  areas  of  Federal 
law,  State  Attorneys  General  can  support  compliance  with  Federal 
law  by  supplementing  the  enforcement  resources  of  Federal  agen- 
cies, and  they  are  well-positioned  to  be  aware  of  unlawful  acts  and 
practices  in  their  states.  State  Attorneys  General  would  be  re- 
quired to  inform  SSA  and  the  U.S.  Attorney  General  of  any  en- 
forcement actions  they  intend  to  undertake,  and  State  action  would 
be  precluded  where  the  Federal  government  has  initiated  a  crimi- 
nal proceeding. 

Federal  agencies,  like  State  and  local  governments,  have  unique 
and  frequent  access  to  SSNs.  Federal  agencies  are  commonly  re- 
quired by  law  to  use  the  SSN  as  an  identifier  and  often  use  the 
SSN  for  record-keeping  purposes  in  the  administration  of  govern- 
ment benefits.  Therefore,  it  is  just  as  important  for  Federal  agen- 
cies to  protect  the  confidentiality  of  the  SSN,  as  well  as  limit  its 
sale  and  display,  as  it  is  for  State  and  local  government  agencies. 
This  bill  would  strengthen  enforcement  against  Federal  agencies 
that  are  not  in  compliance  with  the  bill  by  allowing  individuals  to 
take  action  against  Federal  agencies  in  limited  situations  where 
they  may  be  harmed. 

EFFECTIVE  DATE 

The  regulatory  authority  would  be  effective  upon  enactment. 

Sec.  14.  Study  on  feasibility  of  banning  Social  Security  account 
number  as  an  authenticator 

CURRENT  LAW 

No  provision. 

EXPLANATION  OF  PROVISION 

This  bill  would  direct  the  Commissioner  of  Social  Security  to 
enter  into  an  arrangement  with  the  National  Research  Council  for 
the  Council  to  conduct  a  study  to  determine  the  extent  to  which 
SSNs  are  used  as  a  primary  means  of  authenticating  identity  and 
the  extent  to  which  SSNs  are  used  for  verification  in  commercial 
transactions.  It  would  also  require  the  Council  to  determine  the 
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feasibility  of  prohibiting  use  of  the  SSN  as  an  authenticator  and 
possible  alternatives  to  the  SSN  for  verification  purposes  and  uses 
in  authenticating  identity. 

REASON  FOR  CHANGE 

Identity  theft  is  facilitated  by  the  fact  that  the  SSN  is  used  by 
business  and  governments  as  an  identifier,  to  distinguish  one  per- 
son from  another,  as  well  as  an  authenticator,  or  evidence  that  a 
person  is  who  they  say  they  are.  This  insecure  practice  is  analo- 
gous to  someone  using  the  same  element  for  their  user  ID  as  for 
their  password  in  order  to  gain  access  to  a  computer  network.  At 
a  hearing  before  the  Subcommittee  on  Social  Security,  a  witness  for 
the  Association  for  Computing  Machinery  explained  that  knowl- 
edge of  an  SSN  is  not  sufficient  to  reliably  authenticate  any  party 
in  a  transaction,  but  this  use  is  commonplace. 

While  some  businesses  have  begun  to  discontinue  the  use  of 
SSNs  as  passwords  on  their  phone  and  online  accessible  networks, 
many  businesses  still  depend  on  the  SSN  as  an  authenticator  of 
identity.  This  practice  continues  to  make  the  SSN  a  primary  in- 
strument of  identity  theft,  since  once  the  SSN  is  acquired,  access 
to  an  individual's  sensitive  information  is  easily  obtainable.  When 
the  SSN  is  used  as  a  password,  a  cancelled  check  and  an  SSN  can 
provide  a  criminal  sufficient  information  to  gain  access  to  a  per- 
son's account  online  or  by  phone. 

This  provision  authorizes  the  Commissioner  to  arrange  for  the 
National  Research  Council  to  conduct  a  study  on  the  prevalence  of 
this  practice  and  whether  it  can  be  reduced.  The  Committee  also 
intends  that  the  examination  of  possible  alternatives  to  SSNs  for 
verification  purposes  and  uses  in  authenticating  identity  include 
the  last  four  digits  of  the  SSN. 

EFFECTIVE  DATE 

Under  its  arrangement  with  the  Commissioner,  the  Council 
would  be  required  to  submit  a  report  to  the  Commissioner  and  to 
each  House  of  the  Congress  no  later  than  one  year  after  the  effec- 
tive date  of  the  initial  final  regulations  issued  under  section  2  of 
the  bill  (that  is,  three  and  one-half  years  after  enactment). 

III.  VOTES  OF  THE  COMMITTEE 

In  compliance  with  clause  3(b)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  the  following  statements  are  made  con- 
cerning the  vote  of  the  Committee  on  Ways  and  Means  in  its  con- 
sideration of  the  bill,  H.R.  3046. 

MOTION  TO  REPORT  THE  BILL 

The  bill,  H.R.  3046,  as  amended,  was  ordered  favorably  reported 
by  a  rollcall  vote  of  41  yeas  to  0  nays  (with  a  quorum  being 
present).  The  vote  was  as  follows: 

Representatives  Yea         Nay        Present  Representative  Yea         Nay  Present 

Mr.  Rangel    X    Mr.  McCrery   X   

Mr.  Stark   X    Mr.  Herger   X   

Mr.  Levin    X    Mr.  Camp    X   

Mr.  McDermott    X    Mr.  Ramstad    X   

Mr.  Lewis  (GA)    X    Mr.  Johnson    X   
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Representatives  Yea 

Mr.  Neal    X 

Mr.  McNulty   X 

Mr.  Tanner    X 

Mr.  Becerra    X 

Mr.  Doggett    X 

Mr.  Pomeroy    X 

Mrs.  Tubbs  Jones    X 

Mr.  Thompson    X 

Mr.  Larson   X 

Mr.  Emanuel    X 

Mr.  Blumenauer    X 

Mr.  Kind    X 

Mr.  Pascrell   X 

Ms.  Berkley    X 

Mr.  Crowley    X 

Mr.  Van  Hollen    X 

Mr.  Meek    X 

Ms.  Schwartz    X 

Mr.  Davis  (AL)   X 


Nay 


Present 


Representative  Yea 

Mr.  English   X 

Mr.  Weller   X 

Mr.  Hulshof   .'   X 

Mr.  Lewis  (KY)   X 

Mr.  Brady    X 

Mr.  Reynolds    X 

Mr.  Ryan   X 

Mr.  Cantor   X 

Mr.  Linder   X 

Mr.  Nunes   X 

Mr.  Tiberi   X 

Mr.  Porter    X 


Nay 


IV.  BUDGET  EFFECTS  OF  THE  BILL 

A.  Committee  Estimate  of  Budgetary  Effects 

In  compliance  with  clause  3(d)(2)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  the  following  statement  is  made  con- 
cerning the  effects  on  the  budget  of  this  bill,  H.R.  3046,  as  amend- 
ed and  reported:  The  Committee  agrees  with  the  estimate  prepared 
by  the  Congressional  Budget  Office  (CBO),  which  is  included  below. 

B.  Statement  Regarding  New  Budget  Authority  and  Tax 

Expenditures 

In  compliance  with  clause  3(c)(2)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  the  Committee  states  that  H.R.  3046 
does  not  include  any  new  budget  authority  or  tax  expenditures. 

C.  Cost  Estimate  Prepared  by  the  Congressional  Budget 

Office 

In  compliance  with  clause  3(c)(3)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  requiring  a  cost  estimate  prepared  by 
the  Congressional  Budget  Office,  the  following  report  by  CBO  is 
provided: 

U.S.  Congress, 
Congressional  Budget  Office, 

Washington,  DC,  July  30,  2007. 

Hon.  Charles  B.  Rangel, 

Chairman,  Committee  on  Ways  and  Means, 

House  of  Representatives,  Washington,  DC. 

Dear  Mr.  Chairman:  The  Congressional  Budget  Office  has  pre- 
pared the  enclosed  cost  estimate  for  H.R.  3046,  the  Social  Security 
Number  Privacy  and  Identity  Theft  Prevention  Act  of  2007. 

If  you  wish  further  details  on  this  estimate,  we  will  be  pleased 
to  provide  them.  The  CBO  staff  contacts  are  Sheila  Dacey  (for  fed- 
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eral  costs),  Lisa  Ramirez-Branum  (for  the  state  and  local  impact), 
and  Paige  Piper-Bach  (for  the  private-sector  impact). 
Sincerely, 

Robert  A.  Sunshine 
(For  Peter  R.  Orszag,  Director). 

Enclosure. 

H.R.  3046 — Social  Security  Number  Privacy  and  Identity  Theft  Pre- 
vention Act  of  2007 

Summary:  H.R.  3046  would  provide  new  safeguards  for  the  use 
of  Social  Security  numbers  (SSNs)  and  penalties  for  SSN  misuse. 
The  bill  would: 

•  Bar  the  sale,  purchase,  or  display  of  the  SSN  in  both  the 
public  and  private  sectors,  with  certain  exceptions; 

•  Prohibit  the  display  of  SSNs  (including  magnetic  strips  or 
bar  codes  that  contain  them)  on  government  checks,  employer- 
issued  identification  cards  or  tags,  and  Medicare  cards; 

•  Require  government  and  private  entities  to  limit  access  to 
SSNs  and  assure  that  they  have  safeguards  to  prevent 
breaches  of  confidentiality; 

•  Require  the  Government  Accountability  Office  (GAO)  and 
the  Social  Security  Administration  (SSA)  to  study  the  effective- 
ness of  regulations  related  to  this  bill  and  the  feasibility  of  ad- 
ditional safeguards;  and 

•  Create  or  expand  civil  and  criminal  penalties  for  SSN  mis- 
use. 

Enacting  H.R.  3046  could  affect  direct  spending  and  revenues, 
but  CBO  estimates  that  any  such  effects  would  not  be  significant. 
Complying  with  the  bill's  standards  would  cause  federal  agencies 
to  incur  additional  administrative  expenses.  Those  costs — which 
CBO  estimates  at  $43  million  over  the  2008-2012  period— would 
generally  come  from  agencies'  salary  and  expense  budgets,  which 
are  subject  to  annual  appropriation. 

H.R.  3046  contains  a  number  of  intergovernmental  mandates  as 
defined  in  the  Unfunded  Mandates  Reform  Act  (UMRA),  including 
limitations  on  the  sale,  display,  and  use  of  SSNs  by  state,  local, 
and  tribal  governments.  CBO  estimates  that  the  aggregated  costs 
of  complying  with  those  mandates  would  probably  exceed  the 
threshold  established  in  UMRA  for  intergovernmental  mandates 
($66  million  in  2007,  adjusted  annually  for  inflation)  in  at  least  one 
of  the  first  five  years  that  the  mandates  are  in  effect. 

H.R.  3046  also  would  impose  private-sector  mandates  as  defined 
in  UMRA.  CBO  cannot  determine  whether  the  aggregate  direct 
costs  of  complying  with  those  mandates  would  exceed  the  annual 
threshold  for  private-sector  mandates  established  by  UMRA  ($131 
million  in  2007,  adjusted  annually  for  inflation)  because  such  costs 
would  depend  on  the  specific  regulations  that  would  be  issued 
under  the  bill. 

Estimated  cost  to  the  Federal  Government:  The  estimated  budg- 
etary impact  of  H.R.  3046  is  shown  in  the  following  table.  The  costs 
of  the  legislation  fall  primarily  in  budget  functions  050  (national 
defense),  570  (Medicare),  650  (Social  Security),  and  700  (veterans 
benefits  and  services),  but  could  affect  numerous  other  budget  func- 
tions as  well.  As  explained  below,  CBO  cannot  estimate  some  po- 
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tential  costs  in  cases  where  agencies  do  not  yet  know  how  they 
would  implement  certain  provisions. 

Basis  of  estimate:  Federal  agencies  already  comply,  or  are  mov- 
ing to  comply,  with  most  requirements  of  H.R.  3046.  The  bill's 
budgetary  effects  would  stem  from  a  few  provisions  that  would 
change  agencies'  practices  or  assign  new  enforcement  responsibil- 
ities. For  this  estimate,  CBO  assumes  that  the  bill  will  be  enacted 
in  the  fall  of  2007. 

Spending  subject  to  appropriation 

CBO  estimates  that  implementing  H.R.  3046  would  cost  $43  mil- 
lion over  the  2008-2012  period,  assuming  that  the  necessary 
amounts  will  be  appropriated  near  the  start  of  each  fiscal  year  and 
that  spending  will  follow  historical  patterns  for  similar  activities. 


By  fiscal  year, 

in  millions  of  dollars — 

2008  2009 

2010 

2011 

2012 

CHANGES  IN  SPENDING  SUBJECT  TO 

APPROPRIATION 1 

Prohibiting  Display  of  SSN  on  Government  ID  Tags  or  Cards: 

Estimated  Authorization  Level   

16 

6 

10 

10 

Estimated  Outlays   

11  5 

5 

10 

10 

Regulation  and  Enforcement: 

Estimated  Authorization  Level   

1 

* 

* 

* 

Estimated  Outlays   

1 

Studies: 

Estimated  Authorization  Level   

1 

* 

Estimated  Outlays  .;  

1 

Total  Changes: 

Estimated  Authorization  Level   

17 

7 

10 

10 

Estimated  Outlays   

12  5 

6 

10 

10 

'Enacting  H.R.  3046  also  could  affect  direct  spending  and  revenues,  but  CBO  estimates  that  any  such  effects  would  not  be  significant. 
Note. — SSN  =  Social  Security  number;  *  =  less  than  $500,000. 


Prohibiting  Display  of  SSN  on  ID  Tags  or  Cards.  The  bill 
would  prohibit  government  agencies  from  displaying  SSNs  (includ- 
ing magnetic  strips  or  bar  codes  that  contain  them)  on  certain  gov- 
ernment-issued identification  cards  or  tags.  Government  agencies 
could  not  display  an  SSN  on  employee,  student,  or  patient  identi- 
fication tags  or  on  Medicare  cards.  The  requirement  would  affect 
cards  or  tags  issued  one  year  after  the  date  of  enactment,  or  in  the 
case  of  Medicare  cards,  two  and  one-half  years  after  enactment.  In 
total,  CBO  estimates  that  implementing  the  provision  would  cost 
$41  million  over  the  2008-2012  period,  subject  to  the  availability 
of  appropriated  funds.  The  estimated  costs  to  major  agencies  are 
described  below. 

Department  of  Defense.  The  Geneva  Convention  calls  for  military 
personnel  to  have  a  number  displayed  on  their  identification  cards, 
and  the  Department  of  Defense  (DoD)  has  chosen  to  use  the  SSN. 
Under  the  bill,  DoD  would  have  to  revamp  its  records  and  cards 
to  use  another  unique  identifier  for  6.5  million  personnel.  Based  on 
information  from  DoD,  CBO  estimates  that  implementing  this  pro- 
vision would  cost  $2  million  over  the  2008-2009  period,  assuming 
the  availability  of  appropriated  funds.  Subsequent  ongoing  costs 
would  be  negligible. 

Veterans  Affairs.  The  bill  would  prohibit  the  Department  of  Vet- 
erans Affairs  (VA)  from  using  a  patient's  SSN  on  the  identity  cards 
or  tags  used  by  its  medical  facilities.  Based  on  information  from  the 
department,  CBO  estimates  that  it  would  cost  $9  million  to  make 
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the  necessary  changes  to  its  computer  systems.  In  addition,  VA 
would  plan  to  replace  older,  but  still  valid,  cards  at  a  cost  of  $5  mil- 
lion. Assuming  appropriation  of  the  estimated  amounts,  CBO  esti- 
mates that  VA  would  spend  $10  million  in  2008  and  $4  million  in 
2009  to  implement  the  requirement. 

Medicare.  The  Medicare  program  uses  the  SSN  as  the  basis  of  its 
Health  Insurance  Claim  Number  and  displays  that  number  on  the 
Medicare  card.  Over  42  million  Medicare  beneficiaries  have  a  Medi- 
care card  and  several  million  new  beneficiaries  are  added  to  the 
Medicare  rolls  annually. 

Under  H.R.  3046,  CBO  assumes  that  the  Centers  for  Medicare 
and  Medicaid  Services  (CMS)  would  continue  to  use  the  SSN-based 
claim  number  to  process  and  pay  claims,  but  would  remove  the 
number  from  the  Medicare  card.  CBO  estimates  that  CMS  would 
increase  spending  on  beneficiary  outreach  and  provider  education 
in  2009,  but  that  such  costs  would  total  less  than  $500,000.  In 
2010,  CMS  would  begin  to  issue  Medicare  cards  that  do  not  display 
a  claim  number  to  new  enrollees  and  beneficiaries  who  request  a 
replacement  card.  CBO  estimates  that  it  would  cost  CMS  $5  mil- 
lion in  2010,  and  $10  million  in  each  of  fiscal  years  2011  and  2012 
to  implement  the  changes.  The  bulk  of  the  new  costs  would  stem 
from  handling  additional  inquiries  from  beneficiaries  and  providers 
who  would  be  confused  by  the  change.  Based  on  information  pro- 
vided by  CMS  and  SSA,  CBO  estimates  that  up  to  10  million  bene- 
ficiaries would  be  affected  by  the  change  annually  and  that  10  per- 
cent of  them  would  contact  the  agencies  with  questions.  In  addi- 
tion, the  agencies  would  incur  small  costs  for  replacement  cards  for 
beneficiaries  who  request  them. 

CMS  could  choose  to  adopt  a  different  strategy  and  change  the 
claim  number  so  that  it  is  no  longer  based  on  the  SSN.  That  strat- 
egy would  require  changes  to  CMS  computer  systems  that  would 
be  more  expensive  than  removing  the  claim  number  from  the  card. 

Regulation  and  Enforcement.  The  Social  Security  Administra- 
tion would  take  the  lead  in  drafting  regulations  to  govern  compli- 
ance with  the  new  law  in  both  the  public  and  private  sectors  and 
would  prosecute  violations.  CBO  estimates  the  agency's  new  tasks 
would  cost  $1  million  in  2008,  assuming  the  availability  of  appro- 
priated funds.  Costs  would  be  less  than  $500,000  in  other  years. 

Some  additional  costs  are  likely,  however.  H.R.  3046  would  re- 
quire all  federal  agencies  to  demonstrate  to  SSA  that  they  allow  ac- 
cess only  to  employees  who  need  SSNs  to  carry  out  their  statutory 
responsibilities  and  have  safeguards  to  prevent  unauthorized  ac- 
cess and  breaches  of  confidentiality.  That  provision  would  apply  to 
all  SSNs  in  the  agencies'  possession,  including  paper  records.  Its 
implications  for  contractors  (who  handle  key  responsibilities,  espe- 
cially in  the  areas  of  welfare  and  child  support  enforcement)  are 
unclear.  According  to  GAO,  every  federal  agency  uses  the  SSN  in 
some  way.  CBO  cannot  estimate  the  cost  of  this  provision  to  SSA 
or  to  other  agencies  because  it  would  depend  on  SSA's  approach  to 
implementing  the  bill's  requirements. 

Studies.  H.R.  3046  would  authorize  two  new  studies.  It  would 
require  the  Commissioner  of  SSA  to  contract  with  the  National  Re- 
search Council  to  study  the  feasibility  of  banning  the  SSN  as  a  pri- 
mary means  of  authenticating  identity.  It  also  would  require  GAO 
to  conduct  a  review  of  the  effectiveness  of  the  regulations  issued 
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pursuant  to  this  legislation  and  report  on  the  results.  CBO  esti- 
mates that  the  combined  cost  of  the  studies  would  total  about  $1 
million  in  2010,  but  would  be  less  than  $500,000  in  other  years. 

Direct  spending  and  revenues 

Implementing  H.R.  3046  could  affect  direct  spending  and  reve- 
nues, but  CBO  estimates  that  any  such  effects  would  not  be  signifi- 
cant. 

Civil  Actions.  H.R.  3046  would  permit  individuals  to  sue  the 
federal  government  in  federal  district  court  for  violations  relating 
to  the  privacy  of  SSNs.  Under  the  bill,  if  a  plaintiff  prevailed  in 
such  lawsuit,  payment  for  damages  and  attorneys  fees  would  be 
made  by  the  Treasury's  Judgment  Fund.  Payments  from  that  fund 
are  considered  increases  in  direct  spending.  Considering  current 
governmentwide  practices  regarding  privacy  and  identity  theft, 
CBO  estimates  that  enacting  H.R.  3046  would  lead  to  an  increase 
in  the  number  of  civil  actions  against  the  government  and  an  in- 
crease in  direct  spending  to  pay  claims,  but  that  such  costs  would 
likely  be  less  than  $500,000  in  each  year. 

Civil  and  Criminal  Penalties.  H.R.  3046  could  increase  federal 
revenues  and  direct  spending  as  a  result  of  the  collection  of  addi- 
tional civil  and  criminal  penalties  assessed  for  misuse  of  SSNs.  Col- 
lections of  civil  penalties  are  recorded  in  the  budget  as  revenues 
and  deposited  in  the  Treasury.  Collections  of  criminal  penalties  are 
recorded  as  revenues,  deposited  in  the  Crime  Victims  Fund,  and 
later  spent.  CBO  estimates  that  any  additional  revenues  and  direct 
spending  would  not  be  significant  because  of  the  relatively  small 
number  of  cases  likely  to  be  involved. 

Child  Support  Enforcement.  Requiring  government  agencies 
to  remove  SSNs  from  checks  could  raise  administrative  costs  to  the 
child  support  enforcement  (CSE)  program  and/or  delay  distribution 
of  collections.  Many  states  currently  use  SSNs  as  their  primary 
identifier  when  distributing  child  support,  and  the  federal  govern- 
ment covers  the  bulk  of  states'  costs  for  administering  CSE.  CBO 
expects  that  the  bill's  requirement  would  have  an  additional  cost 
to  the  federal  government  but  that  cost  would  be  small  because  of 
the  widespread  and  increasing  use  of  electronic  funds  transfers  to 
distribute  payments  rather  than  checks. 

Estimated  impact  on  state,  local,  and  tribal  governments:  H.R. 
3046  contains  a  number  of  intergovernmental  mandates  as  defined 
in  UMRA.  Specifically,  the  bill  would  restrict  or  prohibit  govern- 
ment agencies  from: 

•  Selling  or  displaying  SSNs  that  have  been  disclosed  to  the 
agency  because  of  a  mandatory  requirement  (applies  only  to 
documents  issued  after  the  requirements  become  effective); 

•  Displaying  SSNs  on  checks  or  check  stubs; 

•  Placing  SSNs  on  student  or  employee  identification  cards 
or  coding  them  into  magnetic  strips  or  bar  codes  on  those  docu- 
ments; and 

•  Allowing  prisoners  access  to  SSNs  of  other  individuals. 
The  bill  also  would  require  state  and  local  governments  to  re- 
strict access  to  SSNs  and  their  derivatives  to  employees  whose  ac- 
cess is  essential  to  effective  administration  of  programs.  In  addi- 
tion, the  governments  would  have  to  implement  safeguards  to  pre- 
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elude  unauthorized  access  to  SSNs  and  their  derivatives  and  to 
protect  individual  confidentiality. 

While  state  and  local  governments  have  taken  steps  to  reduce 
the  use  of  SSNs,  many  continue  to  use  them  for  a  variety  of  pur- 
poses. Based  on  information  from  GAO  and  from  state  and  local  of- 
ficials, CBO  estimates  that  the  costs  of  complying  with  the  man- 
dates in  the  bill  would  probably  exceed  the  intergovernmental 
threshold  established  in  UMRA  ($66  million  in  2007,  adjusted  an- 
nually for  inflation)  in  at  least  one  of  the  first  five  years  the  man- 
dates are  in  effect. 

The  bill  would  allow  exceptions  for  the  display  or  sale  of  SSNs 
when  such  use  or  display  is  authorized  by  the  Social  Security  Act, 
necessary  for  law  enforcement,  national  security  or  tax  law  pur- 
poses, done  in  compliance  with  certain  motor  vehicle  laws,  or  used 
for  consumer  reporting  practices  and  nonmarket  research  for  ad- 
vancing the  public  good.  The  bill's  restrictions  on  the  sale  or  dis- 
play (which  includes  Internet  transmissions  that  are  not  encrypted 
or  otherwise  secured)  of  SSNs  would  be  prospective,  and  would  not 
require  state  and  local  governments  to  redact  SSNs  from  existing 
documents  that  are  publicly  available. 

However,  if  state  and  local  governments  do  not  currently  have  a 
system  in  place  to  safeguard  SSNs,  any  such  governments  would 
have  to  implement  a  new  system  for  handling  any  documents 
issued  when  the  regulations  become  effective  (up  to  two  and  a  half 
years  following  enactment).  If  state  or  local  governments  use  SSNs 
on  checks  and  check- stubs  as  part  of  their  recordkeeping  and  track- 
ing procedures,  they  would  have  to  alter  those  systems  and  remove 
the  SSNs.  They  also  would  have  to  implement  systems  for  remov- 
ing SSNs  from  many  documents  that  currently  include  SSNs  and 
that  are  available  to  the  public.  Likewise,  some  public  institutions 
of  higher  education  might  have  to  alter  their  document  systems  for 
identification  cards  or  tags  to  remove  SSNs  that  are  coded  elec- 
tronically onto  a  magnetic  strip  or  digitized  as  part  of  a  bar  code. 
Finally,  any  government  agency  that  uses  SSNs  would  have  to  im- 
plement safeguards  to  preclude  unauthorized  access  to  SSNs  and 
their  derivatives  and  to  protect  confidentiality. 

Because  of  the  large  number  of  governments  affected  by  these 
provisions  (particularly  municipal  governments),  even  small 
changes  to  existing  systems  would  result  in  total  costs  that  exceed 
the  threshold  established  in  UMRA.  There  are  over  75,000  munic- 
ipal governments,  so  even  small  one-time  costs — for  example,  as  lit- 
tle as  $5,000 — would  add  up  to  costs  over  $66  million  in  a  given 
year.  Counties  and  states,  on  the  other  hand,  while  fewer  in  num- 
ber (there  are  about  3,600  counties  in  the  United  States),  are  more 
dependent  on  SSNs  for  various  recordkeeping  and  identification 
purposes  and  would  thus  be  likely  to  face  significantly  higher  costs 
because  of  the  complexity  and  scope  of  their  recordkeeping  systems. 
(Some  counties  estimate  that  altering  their  systems  to  use  identi- 
fiers other  than  SSNs  or  to  eliminate  display  of  SSNs  would  result 
in  one-time  costs  ranging  from  $40,000  to  over  $1  million,  depend- 
ing on  the  county  and  the  scope  of  the  changes  that  would  need  to 
be  made). 

Estimated  impact  on  the  private  sector:  H.R.  3046  would  impose 
private-sector  mandates,  as  defined  in  UMRA,  on  certain  private 
entities.  CBO  cannot  determine  the  direct  costs  of  complying  with 
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those  mandates  because  such  costs  would  depend  on  the  specific 
regulations  that  would  be  issued  under  the  bill.  Consequently,  CBO 
cannot  determine  whether  the  aggregate  direct  costs  of  complying 
with  those  mandates  would  exceed  the  annual  threshold  for  pri- 
vate-sector mandates  established  by  UMRA  ($131  million  in  2007, 
adjusted  annually  for  inflation). 

The  bill  would  impose  private-sector  mandates  on  certain  private 
entities  by  generally  prohibiting  the  purchase,  sale,  or  display  of  an 
SSN  to  the  general  public,  including  on  the  Internet,  with  some  ex- 
ceptions. In  addition,  the  bill  would  establish  a  uniform  truncation 
standard  requiring  that  truncated  SSNs  be  limited  to  the  last  four 
digits  of  the  number.  Private  entities  also  would  be  prohibited 
from: 

•  Making  unnecessary  disclosures  of  another  individual's 
SSN  to  government  agencies; 

•  Displaying  an  SSN  on  checks; 

•  Displaying  an  SSN  on  cards  or  tags  issued  to  employees, 
family  members,  or  other  individuals;  and 

•  Displaying  an  SSN  on  any  card  or  tag  issued  to  another 
person  to  access  goods,  services,  or  benefits. 

Private  entities  that  maintain  SSNs  in  their  records  for  the  con- 
duct of  their  business  would  be  required  to  limit  access  to  those 
records  and  institute  safeguards  to  protect  the  confidentiality  of 
those  records.  The  Commissioner  of  Social  Security  would  be  re- 
quired to  issue  regulations  to  implement  the  requirements,  safe- 
guards, and  standards  imposed  by  the  bill.  The  direct  cost  to  pri- 
vate entities  of  complying  with  those  mandates  would  depend  on 
regulations  issued  under  the  bill. 

Previous  CBO  estimate:  On  May  25,  2007,  CBO  transmitted  a 
cost  estimate  for  H.R.  948,  the  Social  Security  Number  Protection 
Act  of  2007,  as  ordered  reported  by  the  House  Committee  on  En- 
ergy and  Commerce  on  May  10,  2007.  That  bill  has  similar  provi- 
sions regarding  the  sale,  purchase,  or  display  of  SSNs  by  entities 
in  the  private  sector,  but  fewer  requirements  on  government  agen- 
cies. CBO  estimated  that  H.R.  948  would  not  have  a  significant  im- 
pact on  spending  subject  to  appropriation. 

H.R.  948  also  contains  provisions  that  would  impose  intergovern- 
mental mandates  on  state  and  local  governments.  However,  be- 
cause the  Federal  Trade  Commission,  the  federal  agency  directed 
to  carry  out  the  provisions  relating  to  the  use  of  SSNs,  does  not 
have  jurisdiction  over  those  governments  or  public  universities,  the 
cost  of  mandates  in  H.R.  948  would  be  below  the  threshold  estab- 
lished in  UMRA. 

The  mandates  on  the  private  sector  in  H.R.  948  are  similar  to 
those  in  H.R.  3046,  except  that  the  Federal  Trade  Commission 
would  be  required — under  H.R.  948 — to  issue  the  regulations  pro- 
hibiting an  entity  in  the  private  sector  from  selling  or  purchasing 
a  Social  Security  number. 

Estimate  prepared  by:  Federal  Costs:  Social  Security  Administra- 
tion— Sheila  Dacey;  Veterans  Affairs — Sunita  D'Monte;  Treasury — 
Matthew  Pickford;  Defense — Jason  Wheelock.  Federal  Revenues: 
Emily  Schlect.  Impact  on  State,  Local,  and  Tribal  Governments: 
Lisa  Ramirez-Branum.  Impact  on  the  Private  Sector:  Paige  Piper- 
Bach,  Ralph  Smith. 
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Estimate  approved  by:  Peter  H.  Fontaine,  Deputy  Assistant  Di- 
rector for  Budget  Analysis. 

V.  OTHER  MATTERS  TO  BE  DISCUSSED  UNDER  THE 
RULES  OF  THE  HOUSE 

A.  Committee  Oversight  Findings  and  Recommendations 

With  respect  to  clause  3(c)(1)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives  (relating  to  oversight  findings),  the  Com- 
mittee, based  on  public  hearing  testimony,  concludes  that  it  is  ap- 
propriate and  timely  to  consider  the  bill  as  reported. 

B.  Earmarks  and  Tax  and  Tariff  Benefits 

With  respect  to  clause  9  of  rule  XXI  of  the  Rules  of  the  House, 
H.R.  3046,  as  amended,  does  not  contain  any  Congressional  ear- 
marks, limited  tax  benefits,  or  limited  tariff  benefits  as  defined  in 
clause  9(d),  9(e),  or  9(f)  of  rule  XXI. 

C.  Constitutional  Authority  Statement 

With  respect  to  clause  (3)(d)(l)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  relating  to  Constitutional  Authority,  the 
Committee  states  that  the  Committee's  action  in  reporting  the  bill 
is  derived  from  Article  I  of  the  Constitution,  Section  8  ("The  Con- 
gress shall  have  power  to  lay  and  collect  taxes,  duties,  imposts,  and 
excises,  to  pay  the  debts  and  to  provide  for  *  *  *  the  general  Wel- 
fare of  the  United  States.") 

D.  Information  Relating  to  Unfunded  Mandates 

This  information  is  provided  in  accordance  with  Section  423  of 
the  Unfunded  Mandates  Reform  Act  of  1995  (P.L.  104-4). 

The  Committee  has  determined  that  the  bill  does  impose  a  Fed- 
eral intergovernmental  mandate  on  State,  local,  or  tribal  govern- 
ments. The  Committee  has  determined  that  the  bill  does  contain 
Federal  mandates  on  the  private  sector. 

VI.  CHANGES  IN  EXISTING  LAW  MADE  BY  THE  BILL,  AS 

REPORTED 

In  compliance  with  clause  3(e)  of  rule  XIII  of  the  Rules  of  the 
House  of  Representatives,  changes  in  existing  law  made  by  the  bill, 
as  reported,  are  shown  as  follows  (existing  law  proposed  to  be  omit- 
ted is  enclosed  in  black  brackets,  new  matter  is  printed  in  italic, 
existing  law  in  which  no  change  is  proposed  is  shown  in  roman): 

SOCIAL  SECURITY  ACT 


TITLE  II— FEDERAL  OLD-AGE,  SURVIVORS,  AND  DISABILITY 
INSURANCE  BENEFITS 
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EVIDENCE,  PROCEDURE,  AND  CERTIFICATION  FOR  PAYMENT 

Sec.  205.  (a)  *  *  * 

*  *****  * 

(c)(1)  *  *  * 
(2)(A)  *  *  * 

******* 
(C)(i)  *  *  * 

(x)(I)  A  governmental  entity  (as  defined  in  subclause  (X))  may  not 
sell  or  display  to  the  general  public  any  social  security  account 
number  if  such  number  has  been  disclosed  to  such  governmental  en- 
tity pursuant  to  the  assertion  by  such  governmental  entity  to  any 
person  that  disclosure  of  such  number  is  a  statutory  or  regulatory 
requirement.  Notwithstanding  the  preceding  sentence,  such  number 
may  be  sold  or  displayed  to  the  general  public  in  accordance  with 
the  exceptions  specified  in  subclauses  (II),  (III),  (TV),  (V),  (VI),  (VII), 
and  (VIII)  (and  for  no  other  purpose). 

(II)  Notwithstanding  subclause  (I),  a  social  security  account  num- 
ber may  be  sold  by  a  governmental  entity  to  the  extent  that  such 
sale  is  specifically  authorized  by  this  Act  or  the  Privacy  Act  of  1974. 

(III)  Notwithstanding  subclause  (I),  a  social  security  account 
number  may  be  sold  by  a  governmental  entity  to  the  extent  that  is 
necessary  or  appropriate  for  law  enforcement  or  national  security 
purposes,  as  determined  under  regulations  which  shall  be  issued  as 
provided  in  section  1129C. 

(IV)  Notwithstanding  subclause  (I),  a  social  security  account  num- 
ber may  be  sold  by  a  governmental  entity  to  the  extent  that  such 
sale  is  required  to  comply  with  a  tax  law  of  the  United  States  or 
of  any  State  (or  political  subdivision  thereofl. 

(V)  Notwithstanding  subclause  (I),  a  social  security  account  num- 
ber may  be  sold  by  a  State  department  of  motor  vehicles  as  author- 
ized under  subsection  (b)  of  section  2721  of  title  18,  United  States 
Code,  if  such  number  is  to  be  used  pursuant  to  such  sale  solely  for 
purposes  permitted  under  paragraph  (1),  (6),  or  (9)  of  such  sub- 
section. 

(VI)  Notwithstanding  subclause  (I),  a  social  security  account  num- 
ber may  be  sold  or  otherwise  made  available  by  a  governmental  en- 
tity to  a  consumer  reporting  agency  (as  defined  in  section  603(f)  of 
the  Fair  Credit  Reporting  Act  (15  U.S.C.  1681a(f)))  for  use  or  disclo- 
sure solely  for  permissible  purposes  described  in  section  604(a)  of 
such  Act  (15  U.S.C.  1681b(a)). 

(VII)  Notwithstanding  subclause  (I),  a  social  security  account 
number  may  be  sold  by  a  governmental  entity  to  the  extent  nec- 
essary for  research  (other  than  market  research)  conducted  by  any 
governmental  entity  for  the  purpose  of  advancing  the  public  good, 
on  the  condition  that  the  researcher  provides  adequate  assurances 
that  the  social  security  account  numbers  will  not  be  used  to  harass, 
target,  or  publicly  reveal  information  concerning  any  identifiable  in- 
dividuals, that  information  about  identifiable  individuals  obtained 
from  the  research  will  not  be  used  to  make  decisions  that  directly 
affect  the  rights,  benefits,  or  privileges  of  specific  individuals,  and 
that  the  researcher  has  in  place  appropriate  safeguards  to  protect 
the  privacy  and  confidentiality  of  any  information  about  identifiable 
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individuals,  including  procedures  to  ensure  that  the  social  security 
account  numbers  will  be  encrypted  or  otherwise  appropriately  se- 
cured from  unauthorized  disclosure.  In  the  case  of  medical  research, 
the  Commissioner  of  Social  Security  shall  maintain  ongoing  con- 
sultation with  the  Office  for  Civil  Rights  of  the  Department  of 
Health  and  Human  Services  to  ensure  that  the  sale  or  purchase  of 
social  security  account  numbers  which  constitute  personally  identifi- 
able medical  information  is  permitted  only  in  compliance  with  exist- 
ing Federal  rules  and  regulations  prescribed  by  the  Secretary  of 
Health  and  Human  Services  pursuant  to  section  264(c)  of  the 
Health  Insurance  Portability  and  Accountability  Act  of  1996  (110 
Stat.  2033). 

(VIII)  Notwithstanding  subclause  (I),  a  social  security  account 
number  may  be  sold  or  displayed  to  the  general  public  by  a  govern- 
mental entity  under  such  other  circumstances  as  may  be  specified 
in  regulations  issued  as  provided  in  section  1129C. 

(IX)  This  clause  does  not  apply  with  respect  to  a  social  security 
account  number  of  a  deceased  individual. 

(X)  For  purposes  of  this  clause,  the  term  "governmental  entity" 
means  an  executive,  legislative,  or  judicial  agency  or  instrumen- 
tality of  the  Federal  Government  or  of  a  State  or  political  subdivi- 
sion thereof,  a  Federally  recognized  Indian  tribe,  or  a  trustee  ap- 
pointed in  a  case  under  title  11,  United  States  Code.  Such  term  in- 
cludes a  person  acting  as  an  agent  of  such  an  agency  or  instrumen- 
tality, Indian  tribe,  or  trustee.  For  purposes  of  this  subclause,  the 
term  "State"  has  the  meaning  provided  in  subparagraph  (D)(iii)(II). 

(XI)  For  purposes  of  this  clause,  the  term  "sell"  means,  in  connec- 
tion with  a  social  security  account,  to  obtain,  directly  or  indirectly, 
anything  of  value  in  exchange  for  such  number.  Such  term  does  not 
include  the  submission  of  such  number  as  part  of  the  process  for  ap- 
plying for  any  type  of  Government  benefits  or  programs  (such  as 
grants,  loans,  or  welfare  or  other  public  assistance  programs)  or  as 
part  of  the  administration  of,  or  provision  of  benefits  under,  an  em- 
ployee benefit  plan. 

(XII)  For  purposes  of  this  clause,  the  term  "display  to  the  general 
public"  shall  have  the  meaning  provided  such  term  in  section 
208A(a)(3)(A).  In  any  case  in  which  a  governmental  entity  requires 
transmittal  to  such  governmental  entity  of  an  individual's  social  se- 
curity account  number  by  means  of  the  Internet  without  ensuring 
that  such  number  is  encrypted  or  otherwise  appropriately  secured 
from  disclosure,  any  such  transmittal  of  such  number  as  so  required 
shall  be  treated,  for  purposes  of  this  clause,  as  a  "display  to  the  gen- 
eral public"  of  such  number  by  such  governmental  entity  for  pur- 
poses of  this  clause. 

(XIII)  For  purposes  of  this  clause,  the  term  "social  security  ac- 
count number"  includes  any  derivative  of  such  number.  Notwith- 
standing the  preceding  sentence,  any  expression,  contained  in  or  on 
any  item  sold  or  displayed  to  the  general  public,  shall  not  be  treated 
as  a  social  security  account  number  solely  because  such  expression 
sets  forth  not  more  than  the  last  4  digits  of  such  number,  if  the  re- 
mainder of  such  number  cannot  be  determined  based  solely  on  such 
expression  or  any  other  matter  presented  in  or  on  such  item. 

(XIV)  Nothing  in  the  preceding  subclauses  of  this  clause  shall  be 
construed  as  superseding,  altering,  or  affecting  any  statute,  regula- 
tion, order,  or  interpretation  in  effect  under  any  other  Federal  or 
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State  law,  except  to  the  extent  that  such  statute,  regulation,  order, 
or  interpretation  is  inconsistent  with  such  subclauses,  and  then  only 
to  the  extent  of  the  inconsistency.  For  purposes  of  this  subclause,  a 
statue,  regulation,  order,  or  interpretation  is  not  inconsistent  with 
the  preceding  subclauses  of  this  clause  if  the  protection  such  statute, 
regulation,  order,  or  interpretation  affords  any  person  is  greater 
than  the  protection  provided  under  such  subclauses. 

(xi)  No  governmental  entity  (as  defined  in  clause  (x)(X))  may  in- 
clude the  social  security  account  number  of  any  individual  (or  any 
derivative  of  such  number)  on  any  check  issued  for  any  payment  by 
such  governmental  entity  or  on  any  document  attached  to  or  accom- 
panying such  a  check. 

(xii)  No  governmental  entity  (as  defined  in  clause  (x)(X)),  and  no 
other  person  offering  benefits  in  connection  with  an  employee  benefit 
plan  maintained  by  such  governmental  entity,  may  display  a  social 
security  account  number  (or  any  derivative  thereof)  on  any  card  or 
tag  that  is  commonly  provided — 

(I)  to  employees  of  such  governmental  entity, 

(II)  in  the  case  of  a  governmental  entity  which  is  an  edu- 
cational institution,  to  its  students,  or 

(III)  in  the  case  of  a  governmental  entity  which  is  a  medical 
institution,  to  its  patients, 

(or  to  their  family  members)  for  purposes  of  identification  or  include 
on  such  card  or  tag  a  magnetic  strip,  bar  code,  or  other  means  of 
communication  which  conveys  such  number  (or  derivative  thereof). 
The  requirements  of  this  clause  shall  also  apply  to  the  Medicare 
card  issued  by  the  Department  of  Health  and  Human  Services. 

(xiii)  No  governmental  entity  (as  defined  in  clause  (x)(X))  may  em- 
ploy, or  enter  into  a  contract  for  the  use  or  employment  of  prisoners 
in  any  capacity  that  would  allow  such  prisoners  access  to  the  social 
security  account  numbers  of  other  individuals  (or  any  derivatives  of 
such  numbers).  For  purposes  of  this  clause,  the  term  "prisoner" 
means  an  individual  confined  in  a  jail,  prison,  or  other  penal  insti- 
tution or  correctional  facility. 

(xiv)  Except  as  otherwise  provided  in  this  paragraph,  in  the  case 
of  any  governmental  entity  (as  defined  in  clause  (x)(X))  having  ac- 
cess to  an  individual's  social  security  account  number — 

(I)  no  officer  or  employee  thereof  shall  have  access  to  such 
number  for  any  purpose  other  than  the  effective  administration 
of  the  statutory  provisions  governing  its  functions, 

(II)  such  governmental  entity  shall  restrict,  to  the  satisfaction 
of  the  Commissioner  of  Social  Security,  access  to  social  security 
account  numbers  obtained  thereby  to  officers  and  employees 
thereof  whose  duties  or  responsibilities  require  access  for  the 
administration  or  enforcement  of  such  provisions,  and 

(III)  such  governmental  entity  shall  provide  such  other  safe- 
guards as  the  Commissioner  determines  to  be  necessary  or  ap- 
propriate to  preclude  unauthorized  access  to  the  social  security 
account  number  and  to  otherwise  protect  the  confidentiality  of 
such  number. 

For  purposes  of  this  clause  the  term  "social  security  account  num- 
ber" includes  any  derivative  thereof. 

(xv)  The  truncation  by  any  governmental  entity  (as  defined  in 
clause  (x)(X))  or  by  any  person  in  the  private  sector  of  an  individ- 
ual's social  security  account  number  which  is  used  by  such  govern- 
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mental  entity  or  person  otherwise  in  accordance  with  the  require- 
ments of  this  Act  shall  be  in  accordance  with  a  uniform  truncation 
standard  which  shall  be  specified  in  regulations  prescribed  by  the 
Commissioner  of  Social  Security.  Under  such  standard,  the  number 
as  truncated  shall  set  forth  not  more  than  the  last  4  digits  of  the 
number.  Nothing  in  this  clause  shall  be  construed  to  authorize  any 
use  of  the  social  security  account  number  which  is  not  otherwise  au- 
thorized by  this  title  or  regulations  prescribed  thereunder. 


PENALTIES 

Sec.  208.  (a)  Whoever— 
^-jj   *  *  * 

(8)  discloses,  uses,  or  compels  the  disclosure  of  the  social  se- 
curity number  of  any  person  in  violation  of  the  laws  of  the 
United  States;  or 

(9)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of 
section  208A(b)(l)(B); 

shall  be  guilty  of  a  felony  and  upon  conviction  thereof  [shall  be 
fined  under  title  18,  United  States  Code,  or  imprisoned  for  not 
more  than  five  years,  or  both.]  shall  be  fined,  imprisoned,  or  both, 
as  provided  in  subsection  (c). 
(b)(1)  Whoever— 

(A)  knowingly,  and  with  intent  to  commit,  or  to  aid  or  abet, 
any  activity  that  constitutes  a  violation  of  Federal  law,  or  a  vio- 
lation of  any  applicable  law  of  a  State  or  political  subdivision 
thereof  if  the  maximum  penalty  of  such  applicable  law  includes 
imprisonment  for  5  years  or  more — 

(i)  possesses  the  social  security  account  number  of  an- 
other person  without  lawful  authority,  or 

(ii)  possesses  a  social  security  card,  knowing  that  the  so- 
cial security  account  number  or  other  identifying  informa- 
tion displayed  on  the  card  has  been  altered,  counterfeited, 
or  forged  or  that  the  card  was  falsely  made,  stolen,  or  ob- 
tained from  the  Social  Security  Administration  by  use  of 
false  information; 

if  such  activity  is  committed,  or  aided  or  abetted,  with  intent 
to  use  such  social  security  account  number,  social  security  card, 
or  other  identifying  information  displayed  on  such  card  in  fur- 
therance of  such  violation; 

(B)  being — 

(i)  an  officer  or  employee  of  any  governmental  entity  (as 
defined  in  section  205(c)(2)(C)(x)(X)),  or 

(ii)  a  person  acting  as  an  agent  of  a  governmental  entity 
(as  so  defined), 

willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause 
(vi)(II),  (xi),  (xii),  or  (xv)  of  section  205(c)(2)(C); 

(C)  being  a  trustee  appointed  in  a  case  under  title  11,  United 
States  Code  (or  an  officer  or  employee  thereof  or  a  person  acting 
as  an  agent  thereof),  willfully  acts  or  fails  to  act  so  as  to  cause 
a  violation  of  clause  (xi)  or  (xv)  of  section  205(c)(2)(C);  or 

(D)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of 
subsection  (c),  (d),  (e),  or  (f)  of  section  208A  or,  as  a  person  in 
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the  private  sector,  willfully  acts  or  fails  to  act  so  as  to  cause  a 

violation  of  section  205(c)(2)(C)(xv); 
shall  be  guilty  of  a  misdemeanor  and  upon  conviction  thereof  shall 
be  fined  under  title  18,  United  States  Code,  or  imprisoned  for  not 
more  than  1  year,  or  both. 
(2)(A)  Whoever— 

(i)  with  intent  to  deceive,  discloses,  sells,  or  transfers  his  own 
social  security  account  number,  assigned  to  him  by  the  Commis- 
sioner of  Social  Security  (in  the  exercise  of  the  Commissioner's 
authority  under  section  205(c)(2)  to  establish  and  maintain 
records),  to  any  person; 

(ii)  without  lawful  authority,  offers,  for  a  fee,  to  acquire  for 
any  individual,  or  to  assist  in  acquiring  for  any  individual,  an 
additional  social  security  account  number  or  a  number  that  is 
purported  to  be  a  social  security  account  number; 

(Hi)  being — 

(I)  an  officer  or  employee  of  any  governmental  entity  (as 
defined  in  section  205(c)(2)(C)(x)(X)),  or 

(II)  a  person  acting  as  an  agent  of  a  governmental  entity 
(as  so  defined), 

willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause 
(x),  (xiii),  or  (xiv)  of  section  205(c)(2)(C); 

(iv)  being  a  trustee  appointed  in  a  case  under  title  11,  United 
States  Code  ( or  an  officer  or  employee  thereof  or  a  person  acting 
as  an  agent  thereof),  willfully  acts  or  fails  to  act  so  as  to  cause 
a  violation  of  clause  (x)  or  (xiv)  of  section  205(c)(2)(C);  or 

(v)  willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of 
subsection  (b)(1)(A)  or  (g)  of  section  208A; 

shall  be  fined,  imprisoned,  or  both,  as  provided  in  subparagraph 
(B). 

(B)  A  person  convicted  of  a  violation  described  in  subparagraph 
(A)  shall — 

(i)  be  fined  under  title  18,  United  States  Code,  imprisoned  not 
more  than  1  year,  or  both;  and 

(ii)  if  the  offense  is  committed  under  false  pretenses  or  for 
commercial  advantage,  personal  gain,  or  malicious  harm,  be 
fined,  imprisoned,  or  both,  as  provided  in  subsection  (c). 

(c)  A  person  convicted  of  a  violation  described  in  subsection  (a)  or 
a  violation  described  in  subsection  (b)(2)(A)  which  is  subject  to  sub- 
section (b)(2)(B)(ii)  shall  be — 

(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  5  years,  or  both,  in  the  case  of  an  initial  viola- 
tion, subject  to  paragraphs  (3)  and  (4), 

(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  10  years,  or  both,  in  the  case  of  a  violation  which 
occurs  after  a  prior  conviction  for  another  offense  under  sub- 
section (a)  becomes  final,  subject  to  paragraphs  (3)  and  (4), 

(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  20  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  a  drug  trafficking  crime  (as  defined  in  sec- 
tion 929(a)(2)  of  title  18,  United  States  Code)  or  in  connection 
with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title 
18,  United  States  Code)  involving  force  against  the  person  of 
another,  subject  to  paragraph  (4),  and 
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(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  25  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  an  act  of  international  or  domestic  terrorism 
(as  defined  in  paragraphs  (1)  and  (5),  respectively,  of  section 
2331  of  title  18,  United  States  Code). 
[(b)]  (d)(1)  Any  Federal  court,  when  sentencing  a  defendant  con- 
victed of  an  offense  under  subsection  (a)  or  (b),  may  order,  in  addi- 
tion to  or  in  lieu  of  any  other  penalty  authorized  by  law,  that  the 
defendant  make  restitution  to  the  victims  of  such  offense  specified 
in  paragraph  (4). 

[(c)  Any  person  or  other  entity  who  is  convicted  of  a  violation  of 
any  of  the  provisions  of  this  section,  if  such  violation  is  committed 
by  such  person  or  entity  in  his  role  as,  or  in  applying  to  become, 
a  certified  payee  under  section  205(j)  on  behalf  of  another  indi- 
vidual (other  than  such  person's  spouse),  upon  his  second  or  any 
subsequent  such  conviction  shall,  in  lieu  of  the  penalty  set  forth  in 
the  preceding  provisions  of  this  section,  be  guilty  of  a  felony  and 
shall  be  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  five  years,  or  both.] 

[(d)]  (e)  Any  individual  or  entity  convicted  of  a  felony  under  this 
section  or  under  section  1632(b)  may  not  be  certified  as  a  payee 
under  section  205(j).  For  the  purpose  of  subsection  (a)(7),  the  terms 
"social  security  number"  and  "social  security  account  number" 
mean  such  numbers  as  are  assigned  by  the  Commissioner  of  Social 
Security  under  section  205(c)(2)  whether  or  not,  in  actual  use,  such 
numbers  are  called  social  security  numbers. 

[(e)]  (f)(1)   *  *  * 

(g)(1)  Whoever  is  an  employee  of  the  Social  Security  Administra- 
tion and  knowingly  and  fraudulently  sells  or  transfers  one  or  more 
social  security  account  numbers  or  social  security  cards  shall,  upon 
conviction,  be  guilty  of  a  felony  and  fined  under  title  18,  United 
States  Code,  imprisoned  as  provided  in  paragraph  (2),  or  both. 

(2)  Imprisonment  for  a  violation  described  in  paragraph  ( 1)  shall 
be  for — 

(A)  not  more  than  5  years,  in  the  case  of  an  employee  of  the 
Social  Security  Administration  who  has  fraudulently  sold  or 
transferred  not  more  than  50  social  security  account  numbers 
or  social  security  cards, 

(B)  not  more  than  10  years,  in  the  case  of  an  employee  of  the 
Social  Security  Administration  who  has  fraudulently  sold  or 
transferred  more  than  50,  but  not  more  than  100,  social  secu- 
rity account  numbers  or  social  security  cards,  or 

( C)  not  more  than  20  years,  in  the  case  of  an  employee  of  the 
Social  Security  Administration  who  has  fraudulently  sold  or 
transferred  more  than  100  social  security  account  numbers  or 
social  security  cards. 

(3)  For  purposes  of  this  subsection — 

(A)  The  term  "social  security  employee"  means  any  State  em- 
ployee of  a  State  disability  determination  service,  any  officer, 
employee,  or  contractor  of  the  Social  Security  Administration, 
any  employee  of  such  a  contractor,  or  any  volunteer  providing 
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services  or  assistance  in  any  facility  of  the  Social  Security  Ad- 
ministration. 

(B)  The  term  "social  security  account  number"  means  a  social 
security  account  number  assigned  by  the  Commissioner  of  So- 
cial Security  under  section  205(c)(2)(B)  or  another  number  that 
has  not  been  so  assigned  but  is  purported  to  have  been  so  as- 
signed. 

(C)  The  term  "social  security  card"  means  a  card  issued  by 
the  Commissioner  of  Social  Security  under  section  205(c)(2)(G), 
another  card  which  has  not  been  so  issued  but  is  purported  to 
have  been  so  issued,  and  banknote  paper  of  the  type  described 
in  section  205(c)(2)(G)  prepared  for  the  entry  of  social  security 
account  numbers,  whether  fully  completed  or  not. 

PROHIBITION  OF  THE  SALE,  PURCHASE,  AND  DISPLAY  TO  THE  GENERAL 
PUBLIC  OF  THE  SOCIAL  SECURITY  ACCOUNT  NUMBER  IN  THE  PRI- 
VATE SECTOR 

Sec.  208A.  (a)  Definitions.— For  purposes  of  this  section: 

(1)  Person— 

(A)  In  GENERAL. — Subject  to  subparagraph  (B),  the  term 
"person"  means  any  individual,  partnership,  corporation, 
trust,  estate,  cooperative,  association,  or  any  other  entity. 

(B)  Exclusion  of  governmental  entities.— Such  term 
does  not  include  a  governmental  entity.  Nothing  in  this 
subparagraph  shall  be  construed  to  authorize,  in  connec- 
tion with  a  governmental  entity,  an  act  or  practice  other- 
wise prohibited  under  this  section  or  section  205(c)(2)(C). 

(2)  Selling  and  purchasing.— 

(A)  In  GENERAL. — Subject  to  subparagraph  (B) — 

(i)  SELL. — The  term  "sell"  in  connection  with  a  social 
security  account  number  means  to  obtain,  directly  or 
indirectly,  anything  of  value  in  exchange  for  such  num- 
ber. 

(ii)  Purchase. — The  term  "purchase"  in  connection 
with  a  social  security  account  number  means  to  pro- 
vide, directly  or  indirectly,  anything  of  value  in  ex- 
change for  such  number. 

(B)  EXCEPTIONS. — The  terms  "sell"  and  "purchase"  in 
connection  with  a  social  security  account  number  do  not  in- 
clude the  submission  of  such  number  as  part  of — 

(i)  the  process  for  applying  for  any  type  of  Govern- 
ment benefits  or  programs  (such  as  grants  or  loans  or 
welfare  or  other  public  assistance  programs), 

(ii)  the  administration  of,  or  provision  of  benefits 
under,  an  employee  benefit  plan,  or 

(Hi)  the  sale,  lease,  merger,  transfer,  or  exchange  of 
a  trade  or  business. 

(3)  Display  to  the  general  public. — 

(A)  In  GENERAL. — The  term  "display  to  the  general  pub- 
lic" means,  in  connection  with  a  social  security  account 
number,  to  intentionally  place  such  number  in  a  viewable 
manner  on  an  Internet  site  that  is  available  to  the  general 
public  or  to  make  such  number  available  in  any  other  man- 
ner intended  to  provide  access  to  such  number  by  the  gen- 
eral public. 
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(B)  Internet  transmissions.— In  any  case  in  which  a 
person  requires  transmittal  to  such  person  of  an  individ- 
ual's social  security  account  number  by  means  of  the  Inter- 
net without  ensuring  that  such  number  is  encrypted  or  oth- 
erwise well-secured  from  disclosure,  any  such  transmittal  of 
such  number  as  so  required  shall  be  treated  as  a  "display 
to  the  general  public"  of  such  number  by  such  person. 

(4)  Social  security  account  number. — 

(A)  In  general. — The  term  "social  security  account  num- 
ber" has  the  meaning  given  such  term  in  section  208(e),  ex- 
cept that  such  term  includes  any  derivative  of  such  number. 

(B)  4-DIGIT  EXPRESSION. — Notwithstanding  the  preceding 
sentence,  for  purposes  of  subsection  (b)(1)(A),  any  expres- 
sion, contained  in  or  on  any  item  sold  or  displayed  to  the 
general  public,  shall  not  be  treated  as  a  social  security  ac- 
count number  solely  because  such  expression  sets  forth  not 
more  than  the  last  4  digits  of  such  number,  if  the  remain- 
der of  such  number  cannot  be  determined  based  solely  on 
such  expression  or  any  other  matter  presented  in  or  on  such 
item. 

(5)  Governmental  entity. — 

(A)  In  general. — The  term  "governmental  entity"  means 
an  executive,  legislative,  or  judicial  agency  or  instrumen- 
tality of  the  Federal  Government,  a  State  or  political  sub- 
division thereof  a  Federally  recognized  Indian  tribe,  or  a 
trustee  appointed  in  a  case  under  title  11,  United  States 
Code.  Such  term  includes  a  person  acting  as  an  agent  of 
such  an  agency  or  instrumentality,  Indian  tribe,  or  trustee. 

(B)  State. — The  term  "State"  includes  the  District  of  Co- 
lumbia, the  Commonwealth  of  Puerto  Rico,  the  Virgin  Is- 
lands, Guam,  the  Commonwealth  of  the  Northern  Mari- 
anas, and  the  Trust  Territory  of  the  Pacific  Islands. 

(b)  Prohibition  of  Sale,  Purchase,  and  Display  to  the  Gen- 
eral Public. — 

(1)  In  GENERAL. — Except  as  provided  in  paragraph  (2),  it 
shall  be  unlawful  for  any  person  to — 

(A)  sell  or  purchase  a  social  security  account  number  or 
display  to  the  general  public  a  social  security  account  num- 
ber, or 

(B)  obtain  or  use  any  individual's  social  security  account 
number  for  the  purpose  of  locating  or  identifying  such  indi- 
vidual with  the  intent  to  harass,  harm,  or  physically  injure 
such  individual  or  using  the  identity  of  such  individual  for 
any  illegal  purpose. 

(2)  Exceptions. — 

(A)  In  GENERAL. — Notwithstanding  paragraph  (1),  and 
subject  to  paragraph  (3),  a  social  security  account  number 
may  be  sold  or  purchased  by  any  person  to  the  extent  pro- 
vided in  this  subsection  (and  for  no  other  purpose)  as  fol- 
lows: 

(i)  to  the  extent  necessary  for  law  enforcement,  in- 
cluding (but  not  limited  to)  the  enforcement  of  a  child 
support  obligation,  as  determined  under  regulations 
issued  as  provided  in  section  1129C; 
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(ii)  to  the  extent  necessary  for  national  security  pur- 
poses, as  determined  under  regulations  issued  as  pro- 
vided in  section  1129C; 

(Hi)  to  the  extent  necessary  for  public  health  pur- 
poses; 

(iv)  to  the  extent  necessary  in  emergency  situations  to 
protect  the  health  or  safety  of  1  or  more  individuals; 

(v)  to  the  extent  that  the  sale  or  purchase  is  required 
to  comply  with  a  tax  law  of  the  United  States  or  of  any 
State  (or  political  subdivision  thereof); 

(vi)  to  the  extent  that  the  sale  or  purchase  is  to  or  by 
a  consumer  reporting  agency  (as  defined  in  section 
603(f)  of  the  Fair  Credit  Reporting  Act  (15  U.S.C. 
1681a(f)))  for  use  or  disclosure  solely  for  permissible 
purposes  described  in  section  604(a)  of  such  Act  (15 
U.S.C.  1681b(a));  and 

(vii)  to  the  extent  necessary  for  research  (other  than 
market  research)  conducted  by  an  agency  or  instrumen- 
tality of  the  United  States  or  of  a  State  or  political  sub- 
division thereof  (or  a  person  acting  as  an  agent  of  such 
an  agency  or  instrumentality)  for  the  purpose  of  ad- 
vancing the  public  good,  on  the  condition  that  the  re- 
searcher provides  adequate  assurances  that — 

(I)  the  social  security  account  numbers  will  not 
be  used  to  harass,  target,  or  publicly  reveal  infor- 
mation concerning  any  identifiable  individuals; 

(II)  information  about  identifiable  individuals 
obtained  from  the  research  will  not  be  used  to 
make  decisions  that  directly  affect  the  rights,  bene- 
fits, or  privileges  of  specific  individuals;  and 

(III)  the  researcher  has  in  place  appropriate  safe- 
guards to  protect  the  privacy  and  confidentiality  of 
any  information  about  identifiable  individuals,  in- 
cluding procedures  to  ensure  that  the  social  secu- 
rity account  numbers  will  be  encrypted  or  other- 
wise appropriately  secured  from  unauthorized  dis- 
closure. 

(B)  Medical  RESEARCH. — In  the  case  of  research  referred 
to  in  subparagraph  (A)(vii)  consisting  of  medical  research, 
the  Commissioner  of  Social  Security  shall  maintain  ongo- 
ing consultation  with  the  Office  for  Civil  Rights  of  the  De- 
partment of  Health  and  Human  Services  to  ensure  that  the 
sale  or  purchase  of  social  security  account  numbers  which 
constitute  personally  identifiable  medical  information  is 
permitted  only  in  compliance  with  existing  Federal  rules 
and  regulations  prescribed  by  the  Secretary  of  Health  and 
Human  Services  pursuant  to  section  264(c)  of  the  Health 
Insurance  Portability  and  Accountability  Act  of  1996  (110 
Stat.  2033). 

(3)  Consent  and  other  circumstances  determined  by 
REGULATION. — Notwithstanding  paragraph  (1),  a  social  security 
account  number  assigned  to  an  individual  may  be  sold  or  pur- 
chased by  any  person — 
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(A)  to  the  extent  consistent  with  such  individual's  vol- 
untary and  affirmative  written  consent  to  the  sale  or  pur- 
chase, but  only  if — 

(i)  the  terms  of  the  consent  and  the  right  to  refuse 
consent  are  presented  to  the  individual  in  a  clear,  con- 
spicuous, and  understandable  manner, 

(ii)  the  individual  is  placed  under  no  obligation  to 
provide  consent  to  any  such  sale  or  purchase,  and 

(Hi)  the  terms  of  the  consent  authorize  the  individual 
to  limit  the  sale  or  purchase  to  purposes  directly  associ- 
ated with  the  transaction  with  respect  to  which  the 
consent  is  sought,  and 

(B)  under  such  circumstances  as  may  be  deemed  appro- 
priate in  regulations  issued  as  provided  under  section 
1129C. 

(c)  Prohibition  of  Display  on  Checks— It  shall  be  unlawful  for 
any  person  to  include  the  social  security  account  number  of  any 
other  individual  on  any  check  issued  for  any  payment  by  such  per- 
son or  on  any  document  attached  to  or  accompanying  such  a  check. 

(d)  Prohibition  of  Unauthorized  Disclosure  to  Government 
Agencies  or  Instrumentalities. — 

(1)  In  GENERAL. — It  shall  be  unlawful  for  any  person  to  com- 
municate by  any  means  to  any  agency  or  instrumentality  of  the 
United  States  or  of  any  State  or  political  subdivision  thereof  the 
social  security  account  number  of  any  individual  other  than 
such  person  without  the  written  permission  of  such  individual, 
unless  the  number  was  requested  by  the  agency  or  instrumen- 
tality. In  the  case  of  an  individual  who  is  legally  incompetent, 
permission  provided  by  the  individual's  legal  representatives 
shall  be  deemed  to  be  permission  provided  by  such  individual. 

(2)  Exceptions. — Paragraph  (1)  shall  not  apply  to  the  extent 
necessary — 

(A)  for  law  enforcement,  including  (but  not  limited  to)  the 
enforcement  of  a  child  support  obligation,  or 

(B)  for  national  security  purposes, 

as  determined  under  regulations  issued  as  provided  under  sec- 
tion 1129C. 

(e)  Prohibition  of  the  Displays  on  Cards  or  Tags  Required 
for  Access  to  Goods,  Services,  or  Benefits.— No  person  may 
display  a  social  security  account  number  on  any  card  or  tag  issued 
to  any  other  person  for  the  purpose  of  providing  such  other  person 
access  to  any  goods,  services,  or  benefits  or  include  on  such  card  or 
tag  a  magnetic  strip,  bar  code,  or  other  means  of  communication 
which  conveys  such  number. 

(f)  Prohibition  of  the  Displays  on  Employee  Identification 
Cards  OR  TAGS. — No  person  that  is  an  employer,  and  no  other  per- 
son offering  benefits  in  connection  with  an  employee  benefit  plan 
maintained  by  such  employer  or  acting  as  an  agent  of  such  em- 
ployer, may  display  a  social  security  account  number  on  any  card 
or  tag  that  is  commonly  provided  to  employees  of  such  employer  (or 
to  their  family  members)  for  purposes  of  identification  or  include  on 
such  card  or  tag  a  magnetic  strip,  bar  code,  or  other  means  of  com- 
munication which  conveys  such  number. 

(g)  Measures  to  Preclude  Unauthorized  Disclosure  of  So- 
cial Security  Account  Numbers  and  Protect  the  Confiden- 


61 


tiality  OF  Such  Numbers. — Subject  to  the  preceding  provisions  of 
this  section,  any  person  having  access  to  the  social  security  account 
number  of  any  individual  other  than  such  person  shall,  to  the  extent 
that  such  access  is  maintained  for  the  conduct  of  such  person's 
trade  or  business — 

(1)  ensure  that  no  officer  or  employee  thereof  has  access  to 
such  number  for  any  purpose  other  than  as  necessary  for  the 
conduct  of  such  person's  trade  or  business, 

(2)  restrict,  in  accordance  with  regulations  of  the  Commis- 
sioner of  Social  Security,  access  to  social  security  account  num- 
bers obtained  thereby  to  officers  and  employees  thereof  whose 
duties  or  responsibilities  require  access  for  the  conduct  of  such 
person's  trade  or  business,  and 

(3)  provide  such  safeguards  as  may  be  specified,  in  regula- 
tions of  the  Commissioner  of  Social  Security,  to  be  necessary  or 
appropriate  to  preclude  unauthorized  access  to  the  social  secu- 
rity account  number  and  to  otherwise  protect  the  confidentiality 
of  such  number. 

(h)  Deceased  Individuals. — This  section  does  not  apply  with  re- 
spect to  the  social  security  account  number  of  a  deceased  individual. 

(i)  Applicability  of  Other  Protections.— Nothing  in  the  pre- 
ceding subsections  of  this  section  shall  be  construed  as  superseding, 
altering,  or  affecting  any  statutory  provision,  regulation,  order,  or 
interpretation  in  effect  under  any  other  Federal  or  State  law,  except 
to  the  extent  that  such  statutory  provision,  regulation,  order,  or  in- 
terpretation is  inconsistent  with  such  subsections,  and  then  only  to 
the  extent  of  the  inconsistency.  For  purposes  of  this  subclause,  a 
statutory  provision,  regulation,  order,  or  interpretation  is  not  incon- 
sistent with  the  preceding  subsections  of  this  section  if  the  protection 
such  statutory  provision,  regulation,  order,  or  interpretation  affords 
any  person  is  greater  than  the  protection  provided  under  such  sub- 
sections. 

TITLE  VIII— SPECIAL  BENEFITS  FOR 
CERTAIN  WORLD  WAR  II  VETERANS 

*  *  *  *  *  *  * 

SEC.  811.  PENALTIES  FOR  FRAUD. 

(a)  In  General.— Whoever — 

^  *  *  * 

[shall  be  fined  under  title  18,  United  States  Code,  imprisoned  not 
more  than  5  years,  or  both.]  shall  be  fined,  imprisoned,  or  both,  as 
provided  in  subsection  (b). 

(b)  Punishment.— A  person  convicted  of  a  violation  described  in 
subsection  (a)  shall  be — 

(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  5  years,  or  both,  in  the  case  of  an  initial  viola- 
tion, subject  to  paragraphs  (3)  and  (4), 

(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  10  years,  or  both,  in  the  case  of  a  violation  which 
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occurs  after  a  prior  conviction  for  another  offense  under  sub- 
section (a)  becomes  final,  subject  to  paragraphs  (3)  and  (4), 

(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  20  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  a  drug  trafficking  crime  (as  defined  in  sec- 
tion 929(a)(2)  of  title  18,  United  States  Code)  or  in  connection 
with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title 
18,  United  States  Code)  involving  force  against  the  person  of 
another,  subject  to  paragraph  (4),  and 

(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  25  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  an  act  of  international  or  domestic  terrorism 
(as  defined  in  paragraphs  (1)  and  (5),  respectively,  of  section 
2331  of  title  18,  United  States  Code). 

[(b)]  (c)  Court  Order  for  Restitution.— 

^  *  *  * 


TITLE  XI— GENERAL  PROVISIONS,  PEER  REVIEW,  AND 
ADMINISTRATIVE  SIMPLIFICATION 


Part  A — General  Provisions 

SEC.  1129.  CIVIL  MONETARY  PENALTIES  AND  ASSESSMENTS  FOR  TI- 
TLES II,  VIII  AND  XVI. 

(a)(1)   *  *  * 

(2)  In  addition,  the  Commissioner  of  Social  Security  may  make 
a  determination  in  the  same  proceeding  to  recommend  that  the 
Secretary  exclude,  as  provided  in  section  1128,  such  a  person  who 
is  a  medical  provider  or  physician  from  participation  in  the  pro- 
grams under  title  XVIII. 

(3)  Any  person  (including  an  organization,  agency,  or  other  entity) 
who — 

(A)  uses  a  social  security  account  number  that  such  person 
knows  or  should  know  has  been  assigned  by  the  Commissioner 
of  Social  Security  (in  an  exercise  of  authority  under  section 
205(c)(2)  to  establish  and  maintain  records)  on  the  basis  of 
false  information  furnished  to  the  Commissioner  by  any  person; 

(B)  falsely  represents  a  number  to  be  the  social  security  ac- 
count number  assigned  by  the  Commissioner  of  Social  Security 
to  any  individual,  when  such  person  knows  or  should  know 
that  such  number  is  not  the  social  security  account  number  as- 
signed by  the  Commissioner  to  such  individual; 

(C)  with  intent  to  deceive,  alters  a  social  security  card  that 
the  person  knows  or  should  know  was  issued  by  the  Commis- 
sioner of  Social  Security,  or  possesses  such  a  card  with  intent 
to  alter  it; 

(D)  buys  or  sells  a  card  that  such  person  knows  or  should 
know  is,  or  is  purported  to  be,  a  card  issued  by  the  Commis- 
sioner of  Social  Security,  or  possesses  such  a  card  with  intent 
to  buy  or  sell  it; 

(E)  counterfeits  a  social  security  card,  or  possesses  a  counter- 
feit social  security  card  with  intent  to  buy  or  sell  it; 
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(F)  discloses,  uses,  compels  the  disclosure  of,  or  knowingly 
sells  or  purchases  the  social  security  account  number  of  any 
person  in  violation  of  the  laws  of  the  United  States; 

( G)  with  intent  to  deceive  the  Commissioner  of  Social  Security 
as  to  such  person's  true  identity  (or  the  true  identity  of  any 
other  person),  furnishes  or  causes  to  be  furnished  false  informa- 
tion to  the  Commissioner  with  respect  to  any  information  re- 
quired by  the  Commissioner  in  connection  with  the  establish- 
ment and  maintenance  of  the  records  provided  for  in  section 
205(c)(2); 

(H)  without  lawful  authority,  offers,  for  a  fee,  to  acquire  for 
any  individual,  or  to  assist  in  acquiring  for  any  individual,  an 
additional  social  security  account  number  or  a  number  which 
is  purported  to  be  a  social  security  account  number; 

(I)  with  intent  to  deceive,  discloses,  sells,  or  transfers  his  own 
social  security  account  number,  assigned  to  him  by  the  Commis- 
sioner of  Social  Security  under  section  205(c)(2)(B),  to  any  per- 
son; 

(J)  knowingly,  and  with  intent  to  commit,  or  to  aid  or  abet, 
any  activity  that  constitutes  a  violation  of  Federal  law,  or  a  vio- 
lation of  any  applicable  law  of  a  State  or  political  subdivision 
thereof  if  the  maximum  penalty  of  such  applicable  law  includes 
imprisonment  for  5  years  or  more — 

(i)  possesses  a  social  security  account  number  of  another 
individual  without  lawful  authority,  or 

(ii)  possesses  a  social  security  card,  knowing  that  the  so- 
cial security  account  number  or  other  identifying  informa- 
tion displayed  on  the  card  has  been  altered,  counterfeited, 
or  forged  or  that  the  card  was  falsely  made,  stolen,  or  ob- 
tained from  the  Social  Security  Administration  by  use  of 
false  information, 

if  such  activity  is  committed,  or  aided  or  abetted,  with  intent 
to  use  such  social  security  account  number,  social  security  card, 
or  other  identifying  information  displayed  on  such  card  in  fur- 
therance of  such  violation; 
(K)  being — 

(i)  an  officer  or  employee  of  a  governmental  entity  (as  de- 
fined in  section  205(c)(2)(C)(x)(X)),  or 

(ii)  a  person  acting  as  an  agent  of  a  governmental  entity 
(as  so  defined), 

willfully  acts  or  fails  to  act  so  as  to  cause  a  violation  of  clause 
(vi)(II),  (x),  (xi),  (xii),  (xiii),  (xiv),  or  (xv)  of  section  205(c)(2)(C); 

(L)  being  a  trustee  appointed  in  a  case  under  title  11,  United 
States  Code  (or  an  officer  or  employee  thereof  or  a  person  acting 
as  an  agent  thereof),  willfully  acts  or  fails  to  act  so  as  to  cause 
a  violation  of  clause  (x),  (xi),  (xiv),  or  (xv)  of  section  205(c)(2)(C); 

(M)  violates  section  208A  (relating  to  prohibition  of  the  sale, 
purchase,  or  display  of  the  social  security  account  number  in 
the  private  sector)  or,  as  a  person  in  the  private  sector,  violates 
section  205(c)(2)(C)(xv);  or 

(N)  violates  section  208(g)  (relating  to  fraud  by  social  security 
administration  employees); 
shall  be  subject  to,  in  addition  to  any  other  penalties  that  may  be 
prescribed  by  law,  a  civil  money  penalty  of  not  more  than  $5,000 
for  each  violation.  Such  person  shall  also  be  subject  to  an  assess- 
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ment,  in  lieu  of  damages  sustained  by  the  United  States  resulting 
from  such  violation,  of  not  more  than  twice  the  amount  of  any  bene- 
fits or  payments  paid  as  a  result  of  such  violation. 

[(2)1  (4)  For  purposes  of  this  section,  a  material  fact  is  one  which 
the  Commissioner  of  Social  Security  may  consider  in  evaluating 
whether  an  applicant  is  entitled  to  benefits  under  title  II  or  title 
VIII,  or  eligible  for  benefits  or  payments  under  title  XVI. 

[(3)1  (5)  Any  person  (including  an  organization,  agency,  or  other 
entity)  who,  having  received,  while  acting  in  the  capacity  of  a  rep- 
resentative payee  pursuant  to  section  205(j),  807,  or  1631(a)(2),  a 
payment  under  title  II,  VIII,  or  XVI  for  the  use  and  benefit  of  an- 
other individual,  converts  such  payment,  or  any  part  thereof,  to  a 
use  that  such  person  knows  or  should  know  is  other  than  for  the 
use  and  benefit  of  such  other  individual  shall  be  subject  to,  in  addi- 
tion to  any  other  penalties  that  may  be  prescribed  by  law,  a  civil 
money  penalty  of  not  more  than  $5,000  for  each  such  conversion. 
Such  person  shall  also  be  subject  to  an  assessment,  in  lieu  of  dam- 
ages sustained  by  the  United  States  resulting  from  the  conversion, 
of  not  more  than  twice  the  amount  of  any  payments  so  converted. 

REGULATORY  AND  ENFORCEMENT  AUTHORITY  WITH  RESPECT  TO 
MISUSE  OF  THE  SOCIAL  SECURITY  ACCOUNT  NUMBER 

Sec.  1129C.  (a)  Regulatory  Authority. — 

(1)  In  GENERAL. — The  Commissioner  of  Social  Security  shall  pre- 
scribe regulations  to  carry  out  the  provisions  of  clauses  (vi)(II),  (x), 
(xi),  (xii),  (xiii),  (xiv),  and  (xv)  of  section  205(c)(2)(C)  and  section 
208A.  Such  regulations  shall  be  issued  in  consultation  with  the  Fed- 
eral Trade  Commission,  the  Attorney  General  of  the  United  States, 
the  Secretary  of  Homeland  Security,  the  Secretary  of  Health  and 
Human  Services,  the  Secretary  of  the  Treasury,  the  Federal  banking 
agencies  (as  defined  in  section  3  of  the  Federal  Deposit  Insurance 
Act),  the  National  Credit  Union  Administration,  the  Securities  and 
Exchange  Commission,  State  attorneys  general,  and  such  represent- 
atives of  the  State  insurance  commissioners  as  may  be  designated 
by  the  National  Association  of  Insurance  Commissioners. 

(2)  Treatment  of  matters  relating  to  law  enforcement  and 
NATIONAL  SECURITY. — In  issuing  the  regulations  described  in  para- 
graph (1)  with  respect  to  the  provisions  of  205(c)(2)(C)(x)(III),  para- 
graph (A)  or  (B)  of  section  208A(b)(2),  or  section  208A(c)(2)  (relating 
to  law  enforcement  and  national  security),  the  sale  or  purchase  of 
Social  Security  account  numbers  may  be  authorized  only  if  the 
Commissioner  (or  the  agency  or  instrumentality  delegated  authority 
to  issue  such  regulations  under  paragraph  (5))  determines  that — 

(A)  such  sale  or  purchase  would  serve  a  compelling  public  in- 
terest that  cannot  reasonably  be  served  through  alternative 
measures,  and 

(B)  such  sale  or  purchase  will  not  pose  an  unreasonable  risk 
of  identity  theft,  or  bodily,  emotional,  or  financial  harm  to  an 
individual  (taking  into  account  any  restrictions  and  conditions 
that  the  agency  or  instrumentality  issuing  the  regulations  im- 
poses on  the  sale,  purchase,  or  disclosure). 

(3)  Treatment  of  other  matters  in  general  discretion  of 
the  commissioner. — 
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(A)  In  GENERAL. — In  issuing  the  regulations  described  in 
paragraph  (1)  with  respect  to  the  provisions  of  section 
205(c)(2)(C)(x)(VHI)  or  section  208A(b)(3)(B),  the  sale,  purchase, 
or  display  to  the  general  public  of  social  security  account  num- 
bers may  be  authorized  only  after  considering,  among  other  rel- 
evant factors — 

(i)  the  extent  to  which  the  authorization  of  the  sale,  pur- 
chase, or  display  of  the  social  security  account  number 
would  serve  a  compelling  public  interest  that  cannot  rea- 
sonably be  served  through  alternative  measures, 

(ii)  the  associated  cost  or  burden  of  the  authorization  to 
the  general  public,  businesses,  commercial  enterprises,  non- 
profit organizations,  and  Federal,  State,  and  local  govern- 
ments; and 

(Hi)  the  associated  benefit  of  the  authorization  to  the  gen- 
eral public,  businesses,  commercial  enterprises,  non-profit 
associations,  and  Federal,  State,  and  local  governments. 

(B)  Restrictions  and  conditions.— If,  after  considering  the 
factors  in  subparagraph  (A),  the  sale,  purchase,  or  display  to 
the  general  public  of  social  security  account  numbers  is  author- 
ized under  regulations  referred  to  in  subparagraph  (A),  the 
Commissioner  (or  the  agency  or  instrumentality  delegated  au- 
thority to  issue  such  regulations  under  paragraph  (5))  shall  im- 
pose restrictions  and  conditions  on  the  sale,  purchase,  or  dis- 
play to  the  general  public  to  the  extent  necessary — 

(i)  to  provide  reasonable  assurances  that  social  security 
account  numbers  will  not  be  used  to  commit  or  facilitate 
fraud,  deceptions,  or  crime,  and 

(ii)  to  prevent  an  unreasonable  risk  of  identity  theft  or 
bodily,  emotional,  or  financial  harm  to  any  individual,  con- 
sidering the  nature,  likelihood,  and  severity  of  the  antici- 
pated harm  that  could  result  from  the  sale,  purchase,  or 
display  to  the  general  public  of  social  security  account 
numbers,  together  with  the  nature,  likelihood,  and  extent  of 
any  benefits  that  could  be  realized. 

(C)  5-YEAR  EXPIRATION  DATE  FOR  REGULATIONS.— At  the  end 
of  the  5 -year  period  beginning  on  the  effective  date  of  any  final 
regulations  issued  pursuant  to  this  paragraph — 

(i)  such  regulations  shall  expire,  and 

(ii)  new  regulations  may  be  issued  pursuant  to  this  para- 
graph. 

(4)  Administrative  procedure. — In  the  issuance  of  regula- 
tions pursuant  to  this  subsection,  notice  shall  be  provided  as  de- 
scribed in  paragraphs  (1),  (2),  and  (3)  of  section  553(b)  of  title 
5,  United  States  Code,  and  opportunity  to  participate  in  the 
rule  making  shall  be  provided  in  accordance  with  section  553(c) 
of  such  title. 

(5)  Delegation  to  other  agencies.— Any  agency  or  instru- 
mentality of  the  United  States  may  exercise  the  authority  of  the 
Commissioner  under  this  subsection,  with  respect  to  matters 
otherwise  subject  to  regulation  by  such  agency  or  instrumen- 
tality, to  the  extent  determined  appropriate  in  regulations  of  the 
Commissioner. 

(6)  Consultation  and  coordination. — Each  agency  and  in- 
strumentality exercising  authority  to  issue  regulations  under 
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this  subsection  shall  consult  and  coordinate  with  the  other  such 
agencies  and  instrumentalities  for  the  purposes  of  assuring,  to 
the  extent  possible,  that  the  regulations  prescribed  by  each  such 
agency  or  instrumentality  are  consistent  and  comparable,  as  ap- 
propriate, with  the  regulations  prescribed  by  the  other  such 
agencies  and  instrumentalities.  The  Commissioner  shall  under- 
take to  facilitate  such  consultation  and  coordination. 
(7)  Definitions  and  special  rules. — 

(A)  For  purposes  of  this  subsection,  the  terms  "sell",  "pur- 
chase", and  "display  to  the  general  public"  shall  have  the 
meanings  provided  such  terms  under  section  205(c)(2)(C)(x) 
or  section  208A(a),  as  applicable. 

(B)  For  purposes  of  this  subsection,  section 
205(c)(2)(C)(x)(XI)  shall  apply. 

(b)  Coordination  of  Enforcement  with  Other  Agencies. — 
The  Commissioner  may  provide,  by  regulation,  for  enforcement  by 
any  other  agency  or  instrumentality  of  the  United  States  of  the  pro- 
visions of  section  208A  and  regulations  prescribed  pursuant  to  sub- 
section (a)(1)  with  respect  to  section  208A. 

(c)  Actions  by  States  with  Respect  to  Misuse  in  Prpvate 
Sector  or  by  State  and  Local  Governments. — 

(1)  CrviL  ACTIONS. — In  any  case  in  which  the  attorney  general 
of  a  State  (as  defined  in  section  205(c)(2)(C)(x)(X))  has  reason 
to  believe  that  an  interest  of  the  residents  of  that  State  has  been 
or  is  threatened  or  adversely  affected  by  an  act  or  practice  de- 
scribed in  paragraph  (2),  the  State,  as  parens  patriae,  may 
bring  a  civil  action  on  behalf  of  the  residents  of  the  State  in  a 
district  court  of  the  United  States  of  appropriate  jurisdiction, 
to— 

(A)  enjoin  that  act  or  practice; 

(B)  enforce  compliance  with  the  regulation; 

(C)  obtain  civil  penalties  in  an  amount  of  $11,000  per 
violation  not  to  exceed  a  total  of  $5,000,000;  or 

(D)  obtain  such  other  legal  and  equitable  relief  as  the 
district  court  may  consider  to  be  appropriate. 

Before  filing  an  action  under  this  subsection,  the  attorney  gen- 
eral of  the  State  involved  shall  provide  to  the  Commissioner  of 
Social  Security  and  the  Attorney  General  of  the  United  States 
a  written  notice  of  that  action  and  a  copy  of  the  complaint  for 
that  action.  If  the  State  attorney  general  determines  that  it  is 
not  feasible  to  provide  the  notice  described  in  this  subparagraph 
before  the  filing  of  the  action,  the  State  attorney  general  shall 
provide  the  written  notice  and  the  copy  of  the  complaint  as  soon 
after  the  filing  of  the  complaint  as  practicable.  Any  reference  in 
this  subsection  to  the  attorney  general  of  a  State  shall  be 
deemed  also  to  be  a  reference  to  any  equivalent  official  of  such 
State. 

(2)  Acts  or  practices  subject  to  enforcement.— An  act 
or  practice  described  in  this  paragraph  is — 

(A)  an  act  or  practice  by  an  executive,  legislative,  or  judi- 
cial agency  or  instrumentality  of  the  State  involved  or  a  po- 
litical subdivision  thereof,  a  person  acting  as  an  agent 
thereof,  or  any  officer  or  employee  of  the  foregoing  or  person 
acting  as  an  agent  of  the  foregoing  that  violates  clause 
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(vi)(II),    (x),    (xi),    (xii),    (xiii),    (xiv),    or   (xv)   of  section 
205(c)(2)(C)  or  any  regulation  promulgated  thereunder,  or 
(B)  an  act  or  practice  by  any  person  that  violates  section 
208A  or  any  regulation  promulgated  thereunder. 

(3)  Attorney  general  authority. — On  receiving  notice 
under  paragraph  ( 1),  the  Attorney  General  of  the  United  States 
shall  have  the  right — 

(A)  to  move  to  stay  the  action,  pending  the  final  disposi- 
tion of  a  pending  Federal  matter  as  described  in  paragraph 
(4); 

(B)  to  intervene  in  an  action  under  paragraph  (1); 

(C)  upon  so  intervening,  to  be  heard  on  all  matters  aris- 
ing therein;  and 

(D)  to  file  petitions  for  appeal. 

(4)  Pending  criminal  proceedings.— If  the  Attorney  Gen- 
eral of  the  United  States  has  instituted  a  criminal  proceeding 
under  section  208  alleging  an  act  or  practice  described  in  para- 
graph (2)  in  connection  with  any  State,  such  State  may  not, 
during  the  pendency  of  such  proceeding  or  action,  bring  an  ac- 
tion under  this  subsection  against  any  defendant  named  in  the 
criminal  proceeding. 

(5)  RULE  OF  CONSTRUCTION. — For  purposes  of  bringing  any 
civil  action  under  paragraph  (1),  nothing  in  this  subsection 
shall  be  construed  to  prevent  an  attorney  general  of  a  State 
from  exercising  the  powers  conferred  on  the  attorney  general  by 
the  laws  of  that  State  to  conduct  investigations,  administer 
oaths  and  affirmations,  or  compel  the  attendance  of  witnesses 
or  the  production  of  documentary  and  other  evidence. 

(6)  VENUE;  SERVICE  OF  PROCESS.— Any  action  brought  under 
paragraph  (1)  may  be  brought  in  any  district  court  of  the 
United  States  that  meets  applicable  requirements  relating  to 
venue  under  section  1391  of  title  28,  United  States  Code.  In  an 
action  brought  under  paragraph  (1),  process  may  be  served  in 
any  district  in  which  the  defendant  is  an  inhabitant  or  may  be 
found. 

(d)  Remedies  to  Individuals  for  Violations  by  the  Federal 
Government  of  Requirements  Relating  to  Social  Security 
Account  Numbers. — 

(1)  CIVIL  ACTIONS. — Any  individual  who  is  aggrieved  by  an 
act  or  practice  by  any  person  acting  as  an  officer,  employee,  or 
agent  of  an  agency  or  instrumentality  of  the  Federal  Govern- 
ment in  violation  of  the  requirements  of  clause  ( vi)(II),  (x),  (xi), 
(xii),  (xiii),  (xiv),  or  (xv)  of  subsection  (c)(2)(C)  with  respect  to 
the  social  security  account  number  assigned  to  such  individual 
under  subsection  (c)(2)(B)  may  commence  a  civil  action  for  ap- 
propriate equitable  relief  or  actual  damages. 

(2)  VENUE;  SERVICE  OF  PROCESS.— An  action  under  this  sub- 
section action  may  be  brought  in  the  district  court  of  the  United 
States  for  the  judicial  district  in  which  the  plaintiff  resides,  or 
has  his  principal  place  of  business,  in  which  the  violation  took 
place,  or  in  which  the  defendant  resides  or  may  be  found,  and 
process  may  be  served  in  any  other  district  in  which  a  defend- 
ant resides  or  may  be  found. 

(3)  Jurisdiction. — The  district  courts  of  the  United  States 
shall  have  jurisdiction,  without  respect  to  the  amount  in  con- 
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troversy  or  the  citizenship  of  the  parties,  to  grant  the  relief  pro- 
vided for  in  paragraph  ( 1). 

(4)  Attorney's  fees. — In  any  action  under  this  subsection, 
the  court  in  its  discretion  may  allow  a  reasonable  attorney's  fee 
and  costs  of  action  to  either  party, 
(e)  Ongoing  Gao  Review  on  Efficacy  of  Regulations. — 

(1)  In  GENERAL. — The  Comptroller  General  of  the  United 
States  shall  conduct  an  ongoing  review  of  the  efficacy  of  the  reg- 
ulations prescribed  by  any  agency  or  instrumentality  of  the 
United  States  pursuant  to  this  section.  Such  review  shall  con- 
sider the  extent  to  which  such  regulations  are  consistent  with, 
and  in  furtherance  of  the  purposes  of,  the  amendments  made  by 
the  Social  Security  Number  Privacy  and  Identity  Theft  Preven- 
tion Act  of  2007. 

(2)  Report. — Not  later  than  4  years  after  the  effective  date  of 
any  final  regulations  issued  by  any  agency  or  instrumentality 
of  the  United  States  pursuant  to  this  section,  the  Comptroller 
General  shall  report  to  each  House  of  the  Congress  regarding 
the  results  of  the  review  of  such  regulations  conducted  under 
this  paragraph.  Such  report  shall  include  the  Comptroller  Gen- 
eral's recommendations  for  such  statutory  or  regulatory  changes 
as  the  Comptroller  General  considers  appropriate. 

TITLE  XVI— SUPPLEMENTAL  SECURITY  INCOME  FOR  THE 
AGED,  BLIND,  AND  DISABLED 

Part  B — Procedural  and  General  Provisions 

PENALTIES  FOR  FRAUD 

Sec.  1632.  (a)  Whoever— 

*  *  * 

[shall  be  fined  under  title  18,  United  States  Code,  imprisoned  not 
more  than  5  years,  or  both.]  shall  be  fined,  imprisoned,  or  both,  as 
provided  in  subsection  (b). 

(b)  A  person  convicted  of  a  violation  described  in  subsection  (a) 
shall  be — 

(1)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  5  years,  or  both,  in  the  case  of  an  initial  viola- 
tion, subject  to  paragraphs  (3)  and  (4), 

(2)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  10  years,  or  both,  in  the  case  of  a  violation  which 
occurs  after  a  prior  conviction  for  another  offense  under  sub- 
section (a)  becomes  final,  subject  to  paragraphs  (3)  and  (4), 

(3)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  20  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  a  drug  trafficking  crime  (as  defined  in  sec- 
tion 929(a)(2)  of  title  18,  United  States  Code)  or  in  connection 
with  a  crime  of  violence  (as  defined  in  section  924(c)(3)  of  title 
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18,  United  States  Code)  involving  force  against  the  person  of 
another,  subject  to  paragraph  (4),  and 

(4)  fined  under  title  18,  United  States  Code,  or  imprisoned  for 
not  more  than  25  years,  in  the  case  of  a  violation  which  is  com- 
mitted to  facilitate  an  act  of  international  or  domestic  terrorism 
(as  defined  in  paragraphs  (1)  and  (5),  respectively,  of  section 
2331  of  title  18,  United  States  Code). 
[(b)]  (c)(1)   *  *  * 

[(c)]  (d)  Any  person  or  entity  convicted  of  a  violation  of  sub- 
section (a)  of  this  section  or  of  section  208  may  not  be  certified  as 
a  representative  payee  under  section  1631(a)(2). 


VII.  ADDITIONAL  VIEWS 


ADDITIONAL  VIEWS  OE  HON.  KENNY  C.  HULSHOF 

The  absence  of  overarching  Federal  law  regulating  the  sale,  pur- 
chase, and  display  to  the  general  public  of  Social  Security  numbers 
(SSNs),  and  the  growing  threat  represented  by  SSN  misuse  and 
identity  theft,  have  prompted  a  need  to  better  protect  the  privacy 
and  integrity  of  SSNs.  The  purpose  of  the  "Social  Security  Number 
Privacy  and  Identity  Theft  Prevention  Act  of  2007,"  H.R.  3046,  is 
to  enhance  Social  Security  number  privacy  protections  and  to  oth- 
erwise enhance  protections  against  identity  theft. 

Concerns  have  been  raised  that  the  provisions  in  H.R.  3046 
would  harm  a  consumer's  ability  to  obtain  benefits  such  as  credit 
as  stipulated  by  the  Fair  Credit  Reporting  Act  (FCRA). 

The  bill  addresses  these  concerns  by  providing  exceptions  to  the 
prohibitions  on  SSN  sale  and  purchase,  as  follows:  (1)  by  or  to  a 
consumer  reporting  agency  for  use  or  disclosure  for  permissible 
purposes  described  in  the  FCRA;  (2)  with  affirmative  written  con- 
sent; and  (3)  under  other  circumstances  determined  appropriate  ac- 
cording to  regulations.  Also,  to  permit  accurate  data-matching  to 
continue  without  jeopardizing  SSN  privacy,  the  bill  provides  for  the 
sale  and  display  to  the  general  public  of  the  last  four  digits  of  the 
SSN  for  two  years  after  the  effective  date  of  the  final  regulation. 
This  authority  may  be  extended  with  action  by  Congress. 

As  the  bill  advances  through  the  legislative  process,  continued  ef- 
forts should  be  made  to  protect  the  accuracy  of  credit  reports  and 
other  consumer  reports,  along  with  the  legitimate  uses  of  the  SSN 
by  financial  institutions. 

Kenny  C.  Hulshof. 
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ADDITIONAL  VIEWS  OF  HON.  PATRICK  J.  TIBERI 


I  agree  with  the  goal  of  H.R.  3046,  the  "Social  Security  Number 
Privacy  and  Identity  Theft  Prevention  Act  of  2007."  We,  as  holders 
of  the  public  trust,  need  to  do  everything  within  our  power  to  en- 
sure our  constituents'  personal  information  remains  exactly  that — 
personal.  We  need  to  make  sure  that  key  information,  like  a  Social 
Security  number,  is  used  in  a  responsible  and  protected  way. 
Chairman  McNulty  and  Ranking  Member  Johnson  deserve  a  great 
deal  of  credit  for  their  dedication  and  hard  work  on  this  bill. 

During  markup  of  this  legislation  I  expressed  a  concern  about 
the  balance  between  restricting  the  use  of  Social  Security  numbers 
where  there  is  no  compelling  purpose,  and  allowing  continued  use 
where  they  may  be  needed  for  important  and  legitimate  purposes. 
I  would  like  to  take  this  opportunity  to  elaborate  on  my  comments. 

The  bill  prohibits  the  sale,  purchase,  and  display  of  Social  Secu- 
rity numbers,  with  limited  exceptions:  for  law  enforcement  pur- 
poses, national  security  purposes,  public  health  purposes,  emer- 
gency situations,  compliance  with  a  tax  law,  use  or  disclosure  by 
a  consumer  reporting  agency  for  the  permissible  purposes  of  section 
604(a)  of  the  Fair  Credit  Reporting  Act  (FCRA),  certain  research, 
and  when  the  consumer  has  consented. 

The  committee  did  not  explicitly  allow  the  use  of  Social  Security 
numbers  for  the  detection  and  prevention  of  fraud  or  to  verify  a 
person's  identity  in  connection  with  financial  transactions.  Banks 
are  mandated  by  Section  326  of  the  USA  PATRIOT  Act  to  have  a 
Customer  Identification  Program,  intended  to  enable  the  bank  to 
form  a  reasonable  belief  that  it  knows  the  true  identity  of  each  cus- 
tomer. It  is  obviously  important  that  the  identity  verification  proc- 
ess produces  a  high  degree  of  confidence  in  the  person's  identity. 

The  bill  authorizes  the  Social  Security  Administration  to  provide 
additional  exceptions  by  regulation.  As  a  former  Member  of  the 
Committee  on  Financial  Services,  I  note  that  these  uses  are  al- 
lowed under  the  Gramm-Leach-Bliley  Act  for  all  "nonpublic  per- 
sonal information,"  which  includes  Social  Security  numbers.  It  also 
permits  the  use  of  Social  Security  numbers  only  for  FCRA  section 
604(a),  rather  than  for  all  of  the  permissible  purposes  under  that 
Act.  Without  specific  attention  to  this  matter,  I'm  concerned  that 
H.R.  3046  could,  in  fact,  overturn  Gramm-Leach-Bliley  to  prohibit 
the  use  of  Social  Security  numbers  for  legitimate  purposes.  They 
should  be  provided  for  by  statute,  rather  than  left  to  the  chances 
of  a  regulatory  process. 
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I  appreciate  Chairman  Rangel's  offer  to  work  with  me  to  resolve 
this  issue  and  hope  that  it  can  be  addressed  as  the  bill  moves  for- 
ward. 

Patrick  J.  Tiberi. 
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